TWiki System Requirements

Server and client requirements

Low client and server base requirements are core features that keep TWiki widely deployable, particularly across a range of browser platforms and versions. Many Plugins and contrib modules exist which enhance and expand TWiki's capabilities; they may have additional requirements.

Server Requirements

TWiki is written in Perl 5, uses a number of shell commands, and requires RCS (Revision Control System), a GNU Free Software package. TWiki is developed in a basic Linux/Apache environment. It also works with Microsoft Windows, and should have no problem on any other platform that meets the requirements.

5.7 or higher (including GNU diff) Optional, TWiki includes a pure Perl implementation of RCS that can be used instead (although it's slower)

GNU diff

GNU diff 2.7 or higher is required when not using the all-Perl RcsLite. Install on PATH if not included with RCS (check version with diff -v) Must be the version used by RCS, to avoid problems with binary attachments - RCS may have hard-coded path to diff

GNU df

Used by the site statistics to record disk usage statistics, optional. The df command is pre-installed on Linux and OS-X. On Windows install the CoreUtils for Windows.

A suitable version ships with TWiki since TWiki-6.0.2 using CgiContrib, e.g. it is no longer necessary to install or downgrade this module. Versions 2.89 and 3.37, as well as version > 4.13 must be avoided.

CGI::Carp

>=1.26

Config

>=0

Cwd

>=3.05

Data::Dumper

>=2.121

Encode

>=2.1

Error

Included in TWiki distribution

File::Copy

>=2.06

File::Find

>=1.05

File::Spec

>=3.05

File::Temp

>=0.18

This version included in Perl 5.9.5. File::Temp needs to be updated on RedHat 5 and CentOS 5.

Most of them will probably already be available in your installation. You can check version numbers with the configure script, or if you're still trying to get to that point, check from the command line like this:

perl -e 'use FileHandle; print $FileHandle::VERSION."\n"'

Client Requirements

CSS and Javascript are used in most skins, although there is a low-fat skin (Classic skin) available that minimizes these requirements. Some skins will require more recent releases of browsers. The default skin (Pattern) is tested on IE 6, Safari, and Mozilla 5.0 based browsers (such as Firefox).

TWiki Installation Guide

The following is installation instructions for the TWiki-6.0 production release on an Apache web server on Linux. Visit TWiki:TWiki.InstallingTWiki for the latest updates to this guide and supplemental information for installing or upgrading TWiki, including notes on installing TWiki on different platforms, environments and web hosting sites.

If you are upgrading from a previous version of TWiki, you probably want to read TWikiUpgradeGuide instead.

Preparing to install TWiki

Before attempting to install TWiki, you are encouraged to review the AdminSkillsAssumptions. This guide assumes you have, at a minimum, basic knowledge of server administration on the system on which TWiki is to be installed. While it is possible to install TWiki with FTP access alone (for example, on a hosted site), it is tricky and may require additional support from your hosting service (for example, in setting file ownership and installing missing Perl CPAN libraries).

To help setup a correct Apache configuration, you are very much encouraged to use the automatic tool TWiki:TWiki.ApacheConfigGenerator which generates the contents for an Apache config file for TWiki based on your inputs.

While this installation guide specifically describes installation on an Apache web server on Linux, TWiki should work fine with any web server and OS that meet the system requirements (see below). For additional notes on installing TWiki on other systems, see TWiki:TWiki.InstallingTWiki#OtherPlatforms.

If you are installing TWiki without Unix/Linux root (administrator) privileges (for example, on a hosted domain), see "Notes on Installing TWiki on Non-Root Account" below for supplemental instructions to the basic steps presented below.

If you are upgrading from an earlier major version of TWiki such as Cairo (TWiki-3) or TWiki 4.x you will need the information found at TWikiUpgradeGuide.

One of the more difficult tasks is installation of additional CPAN libraries. See TWiki:TWiki.HowToInstallCpanModules for detailed information on how to install CPAN libraries.

Basic Installation

Copy the downloaded package into the directory where you want to install TWiki (Example: /var/www). Unpack the distribution in it (Example: tar xvfz TWiki-6.0.1.tgz). The unpack will create a directory called twiki which contains the TWiki package. In the rest of this document we assume this directory is called twiki.

Note: TWiki does not allow spaces in directory names. Especially on Windows make sure to use a directory path without spaces.

Warning: Do not just run a chmod -R 770 twiki. The access rules have different meaning for files and directories. This is the most common mistake installers make.

The distribution tgz has the file and directory access rights setup to work with a reasonable security level that will work for all types of installations including shared hosting.

The ownership of the twiki directory tree is normally set to the user that unpacked the tgz and will have to be changed to the webserver user using the command chown -R user:group /path/to/twiki. The webserver username varies from Distributions. Examples for some major distributions:

If you mistakenly change the access rights in a way that makes TWiki stop working, simply run the script found at TWiki:TWiki.SettingFileAccessRightsLinuxUnix to set the access rights of the entire TWiki tree back to the defaults in the distribution.

It is possible to define tighter access rules than the ones given by default after the installation is complete. But how tight they should be depends on your distribution and local needs. Typically you may want to limit all access from world if the webserver machine has login access for other users than root and the web server administrator. For a dedicated web server made just for running TWiki with limited login access the default access rights are reasonable.

Check the Perl installation and CPAN dependencies. Ensure that Perl 5 and the Perl CGI library are installed on your system.

The default location of Perl is /usr/bin/perl. If it's somewhere else, change the path to Perl in the first line of each script in the twiki/bin directory.

Some systems require a special extension on perl scripts (e.g. .cgi or .pl). This is normally only needed under Windows and only where perl scripts are only recognized by file extension. Linux and Unix users should normally never need to do this. If necessary, rename all files in twiki/bin (i.e. rename view to view.pl etc). If you do this, make sure you set the ScriptSuffix option in configure (Step 6).

Create the file LocalLib.cfg located as twiki/bin/LocalLib.cfg

There is a template for this file in twiki/bin/LocalLib.cfg.txt. Simply copy LocalLib.cfg.txt to LocalLib.cfg. Make sure the ownership and access rights of the copy are the same as LocalLib.cfg.txt

The file twiki/bin/LocalLib.cfg must contain a setting for $twikiLibPath, which must point to the absolute directory path of your twiki/lib e.g. /var/www/twiki/lib.

If you need to install additional CPAN modules, but can't update the main Perl installation files on the server, you can set $CPANBASE to point to your personal CPAN install. Don't forget that the webserver user has to be able to read those files as well.

Choose best configuration method for your webserver. There are two ways to configure Apache: config file included from httpd.conf or .htaccess files.

Apache config file: The recommended method is using a config file. With a config file you can put the entire TWiki configuration in ONE file (typically named twiki.conf). Performance is much better with a config file, and makes setting up a correct and safe installation easier. However using a config file requires that you can restart Apache which again means that you need root or sudo access to stop and start Apache. The TWiki apache config file is included from the main Apache config file httpd.conf. Most distributions have a directory from which any file that ends with .conf gets included when you restart Apache (Example RedHat/Fedora/Centos: /etc/httpd/conf.d). If you use a virtual host setup in Apache you should include the twiki.conf file from inside the desired virtual host config in your Apache configuration.

.htaccess files: This option should only be used when you cannot use a config file. Performance is slowed down because Apache has to look through all directories in search of possible .htaccess files each time someone views a page in TWiki. Normally this is the only way to control Apache in a shared host environment where you have no root or sudo privileges.

Configure the webserver

Unless you are an Apache expert setting up the webserver can be quite difficult. But TWiki has three resources that make setting up Apache easier.

The best and easiest way is to use webpage TWiki:TWiki.ApacheConfigGenerator which contains a tool that can generate a safe and working config file for TWiki on Apache.

In the twiki installation you find an example config file misc/twiki_httpd_conf.txt (nevertheless, it is better to use the generator).

In case you do not have root privileges on the server:

In the root of the twiki installation and in the twiki/bin directory you find example .htaccess files you can copy and modify. The files contains help text explaining how to set them up. In twiki/bin you find .htaccess.txt which can be copied to .htaccess and defined access to the CGI scripts.

In the TWiki misc directory you find pub-htaccess.txt which you can copy to pub/.htaccess, subdir-htaccess.txt which you can copy to all directories as .htaccess except bin and pub, and you find root-htaccess.txt which you can copy to .htaccess in the twiki root directory. But again only use .htaccess files if you do not have root privileges.

Specify and reenter a password. This is your configure password, as well as the admin user password once TWiki is running.

Note: In case you forgot the password, you can reset it by deleting $TWiki::cfg{Password} from LocalSite.cfg file from {TWIKI_ROOT}/lib directory.

When you run configure for the first time, you can only edit the General Path Settings section. Save these settings, and then return to configure to continue configuration.

Resolve any errors or warnings it tells you about.

If your webserver can be accessed by more than one domain name make sure to add the additional alternative URLs to {PermittedRedirectHostUrls}

When you return to configure you now need to setup Mail and Proxies. Especially the {WebMasterEmail}, and {SMTP}{MAILHOST} must be defined to enable TWiki to send administrative emails, such as for registration and notification of topic changes. Many ISPs have introduced authentication when sending emails to fight spam so you may also have to set {SMTP}{Username} and {SMTP}{Password}. If you do not want to enable mailing or want to enable it later you can uncheck {EnableEmail}.

You now have a basic, unauthenticated installation running. At this point you can just point your web browser at http://yourdomain.com/do/view and start TWiki-ing away!

Important Server Security Settings

Before you continue any further there are some basic and very important security settings you have to make sure are set correctly.

You absolutely must turn off any kind of PHP, Perl, Python, Server Side Includes etc in the pub directory. TWiki has some built-in protection which renames files with dangerous file names by appending .txt to the file name. But this is a secondary security measure. The essential action that you must take is to turn off any possible execution of any of the attached files. Most Linux distributions have a default Apache installation which has PHP and server side include (SSI) enabled.

Don't put the whole twiki distribution into an HTML document enabled directory. Apache needs to be aware of only two directories: The bin directory should be script enabled, and the pub directory should be HTML document enabled. For those who do not have access to the Apache config files, a sample misc/subdir-htaccess.txt file can be copied as .htaccess to the data, lib, locale, templates, tools and working directories.

Attachments are not secured by default to the access control setting of the topic. In other words, anyone can read them if they know the direct URL of the attachment, which includes name of the web, topic and attachment. You can configure TWiki to secure attachments.

The TWiki:TWiki.ApacheConfigGenerator as well as the example misc/twiki_httpd_conf.txt and example misc/htaccess.txt files include the needed settings that protect against all 3 security elements.

Next Steps

Once you have TWiki installed and running, you might consider the following optional steps for setting up and customizing your TWiki site. Many of the references below refer to topics within your TWiki installation. For example, TWiki.TWikiSkins refers to the TWikiSkins topic in your TWiki web. Easy way to jump directly to view the pages is to open your own TWiki in your browser and write TWiki.TWikiSkins in the Jump test box to the right in the top bar and hit Enter. You can find these topics in the on-line reference copy at the official TWiki website: TWiki-6.0 Release.

Enable Authentication of Users

This step provides for site access control and user activity tracking on your TWiki site. This is particularly important for sites that are publicly accessible on the web. This guide describes only the most common of several possible authentication setups for TWiki and is suitable for public web sites. For information about other setups, see TWikiUserAuthentication, and TWiki:TWiki.TWikiUserAuthenticationSupplement.

These are the steps for enabling "Template Login" which asks for a username and password in a web page, and processes them using the Apache 'htpasswd' password manager. Users can log in and log out.

Under the Security Settings pane of configure :

Select TWiki::LoginManager::TemplateLogin for {LoginManager}.

Select TWiki::Users::HtPasswdUser for {PasswordManager}.

Save your configure settings.

Register yourself using the TWikiRegistration topic. Check that the password manager recognizes the new user. Check that a new line with the username and encrypted password is added to the data/.htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file.

Edit a topic (by clicking on the Edit link at beginning or end of topic) to check if authentication works.

Note: The other LoginManager option TWiki::LoginManager::ApacheLogin uses a basic Apache type authentication where the browser itself prompts you for username and password. Most will find the TemplateLogin looking nicer. But ApacheLogin is required when you use Apache authentication methods like mod_ldap where all authentication is handled by an Apache module and not by the TWiki perl code. When you use ApacheLogin the apache configuration must be set up to require authentication of the some but not all the scripts in the bin directory. This section in the Apache config (or .htaccess) controls this

The TWiki:TWiki.ApacheConfigGenerator includes this section when you choose ApacheLogin. In the example misc/twiki_httpd_conf.txt and bin/.htaccess.txt files this section is commented out with #. Uncomment the section when you use ApacheLogin. It is important that this section is commented out or removed when you use TemplateLogin.

Define the Administrator User(s)

Administrators have read and write access to any topic in TWiki, regardless of TWiki access controls. When you install TWiki one of the first things you will want to do is define yourself as an administrator. You become an administrator simply by adding yourself to the TWikiAdminGroup. It is the WikiName and not the login name you add to the group. Editing the Main.TWikiAdminGroup topic requires that you are an administrator. So to add the first administrator you need to login using the internal TWiki admin user login and the password you defined in configure.

Note that if you use ApacheLogin you have to be registered and logged in before you use the internal admin login

Set TWiki Preferences

Preferences for customizing many aspects of TWiki are set simply by editing a special topic with TWiki.

TWikiPreferences. Read through it and identify any additional settings or changes you think you might need. You can edit the settings in TWiki.TWikiPreferences but these will be overwritten when you later upgrade to a newer TWiki version. Instead copy any settings or variables that you want to customize from TWiki.TWikiPreferences and paste them into Main.TWikiPreferences. When you later upgrade TWiki simply avoid overwriting the data/Main/TWikiPreferences.txt file and all your settings will be kept. Settings in Main.TWikiPreferences overrides settings in both TWiki.TWikiPreferences and any settings defined in plugin topics. See notes at the top of TWiki.TWikiPreferences for more information.

Enable Email Notification

Each TWiki web has an automatic email notification service that sends you an email with links to all of the topics modified since the last alert. To enable this service:

Confirm the Mail and Proxies settings in the Configure interface.

Setup a cron job (or equivalent) to call the tools/mailnotify script as described in the MailerContrib topic.

Enable Signed Email Notification

TWiki administrative e-mails are an attractive target for SPAM generators and phishing attacks. One good way to protect against this possibility to enable S/MIME signatures on all administrative e-mails. To do this, you need an an X.509 certificate and private key for the the {WebMasterEmail} email account. Obtain these as you would for any other S/MIME e-mail user.

To enable TWiki to sign administrative e-mails:

Enable e-mail as described above

If necessary, convert your certificate and key files to PEM format ( openssl has all the necessary utilities)

Place the certificate anyplace convenient that the webserver can read. It should be protected against write. The conventional place under linux is /etc/pki/tls/certs

Place the key file in a secure location that only the webserver can read. It must not be readable by anyone else, and must not be served by the webserver.

Using the configure script, change the following settings under Mail and Proxies:

Follow the directions under {MailProgram} to enable an external mail program such as sendmail. Net::SMTP is not supported.

Enter the full path to the certificate file in the {SmimeCertificateFile} configuration variable

Enter the full path to the private key file in the {SmimeKeyFile} configuration variable

Save the configuration

Re-run the configure script an resolve any errors that it identifies

All out-going administrative e-mails will now be signed.

Enable WebStatistics

You can generate a listing manually, or on an automated schedule, of visits to individual pages on a per web basis. For information on setting up this feature, see the TWikiSiteTools topic.

Automate removal of expired sessions and lease files

Per default TWiki cleans out expired session and lease files each time any topic is viewed. This however comes at a cost of lower performance. It is an advantage to define a negative value in configure for {Sessions}{ExpireAfter} (turn on expert mode to see it), and install a cronjob to run the tools/tick_twiki.pl script. Read The topic TWikiScripts#tick_twiki_pl for details how to do this.

Enable Localization

TWiki now supports displaying of national (non-ascii) characters and presentation of basic interface elements in different languages. To enable these features, see the Localization section of configure. For more information about these features, see TWiki:TWiki.InternationalizationSupplement.

Tailor New User Profile Topic

When a new users registers on your TWiki, a user profile topic is created for them based on the NewUserTemplate topic (and its UserForm). It contains additional resources you can use to:

Localize the user topic.

Add and remove fields defined in the UserForm

If you choose to tailor anything you are strongly advised to copy NewUserTemplate and UserForm to the Main web and tailor the Main web copies. TWiki will look for the NewUserTemplate in the Main web first and if it does not exist TWiki uses the default from the TWiki web. By creating a Main.NewUserTemplate and its Main.UserForm you will not loose your customization next time you upgrade TWiki.

If you added or removed fields from the user form you may also want to tailor TWikiRegistration.

Custom Start Web and Homepage

By default the TWiki home is Main.WebHome. Users tend to create content starting from the homepage. In most cases it is better to create a new web (workspace) for default content. That way the Main web can be kept clean and used just for users and TWiki groups. For example, you could create an "Intranet" web if TWiki is primarily used as an intranet, or a "KB" web if used as a knowledge base, etc.

If you have a dedicated web as a starting point you obviously want users start at the home of that web. This can be configured in two places: 1. Redirect from site home to web home, and 2. Set the wiki logo URL.

1. Redirect from site home to web home

When a user enters the domain name of your TWiki she expects to see the homepage. You can do that either with an Apache rewrite rule or an HTML meta redirect to redirect from / to /twiki/bin/view/Intranet/WebHome. Here is an example index.html containing an HTML meta redirect you can use: Customize it and put it in your HTML document root on your TWiki sever:

When a user clicks on the logo in the upper left or on the "Home" link in the top-bar she expects to navigate to the new homepage. You can do that by defining and customizing the following setting in Main.TWikiPreferences as described in the Set TWiki Preferences section:

URL of the logo:
* Set WIKILOGOURL = %SCRIPTURLPATH{view}%/Intranet/WebHome

At the official TWiki website you can find more resources. A good place to start exploring what's possible is TWiki:TWiki.TWikiAdminCookBook which offers tips and tricks for customizing your TWiki site. Many of these are appropriate to implement immediately after installing TWiki and before adding content so now's a good time to look at these.

Customize Special Pages

Some pages are meant to be customized after choice of authentication. If you do not use the internal TWiki password manager the topics that contains the features for changing and resetting passwords and changing the email address should be changed to a note describing how to perform these tasks in your organization. The topics are:

Install Plugins

TWiki:Plugins.WebHome is an extensive library of plugins for TWiki, that enhance functionality in a huge number of ways. A few plugins are pre-installed in the TWiki distribution. For more information on these, see InstalledPlugins.

You activate installed plugin in the Plugins section of configure. In this section you also find a Find More Extensions button which opens an application which can install additional plugins from the TWiki.org website. If you are behind a firewall or your server has no access to the Internet it is also possible to install plugins manually. Manual installation instructions for the plugins can be found in the plugin topics on TWiki.org. Additional documentation on TWiki plugins can be found at TWiki:TWiki.TWikiPluginsSupplement.

Some plugins require that you define their settings in configure. You fill find these under the Extensions section of configure.

WYSIWYG And Raw Edit

From TWiki release 4.2.0 on the WYSIWYG editor has been replaced by a much better and more powerful editor and it was decided that WYSIWYG would be the default edit mode. An Edit Raw link is available for those that have a need or preference for this mode.

However you may prefer to have the same user interface as in TWiki 4.1 where Edit was the raw text editor and you had a WYSIWYG button. This is possible by adding the following setting in the Main.TWikiPreferences, WebPreferences or user hompages:

If your TWiki is used in a commercial application without public access you should replace this by your normal copyright notice. You should also consider adding classifications (e.g. For Internal Use Only) so people do not have to add this manually to every new topic.

If your TWiki is public with public access you need to decide which copyright and license the contributions should be covered by. For open source type applications licenses such as the GNU Free Documentation License, FreeBSD Documentation License, and Creative Commons license are possible licenses to consider. Remember that once people have started contributing it is difficult and not correct to change or impose licenses on existing contributions.

You can create a unique message for each web by adding the WEBCOPYRIGHT setting to WebPreferences in each web. E.g. adding a confidencial classification to a very restricted web.

The WEBCOPYRIGHT in TWiki.WebPreferences covers the documentation that comes with TWiki and is covered by the original TWiki Copyright and GPL License. You will normally leave this unchanged.

Troubleshooting

The first step is to re-run the configure script and make sure you have resolved all errors, and are satisfied that you understand any warnings.

If, by any chance, you forget the "admin" password, the same used in "configure" script, then please login to the server. Delete $TWiki::cfg{Password}= ' ...';. Set the new password using "configure" script.

Failing that, please check TWiki:TWiki.InstallingTWiki on TWiki.org, the supplemental documentation that help you install TWiki on different platforms, environments and web hosting sites. For example:

Appendices

TWiki System Requirements

Low client and server base requirements are core features that keep TWiki widely deployable, particularly across a range of browser platforms and versions. Many Plugins and contrib modules exist which enhance and expand TWiki's capabilities; they may have additional requirements.

Server Requirements

TWiki is written in Perl 5, uses a number of shell commands, and requires RCS (Revision Control System), a GNU Free Software package. TWiki is developed in a basic Linux/Apache environment. It also works with Microsoft Windows, and should have no problem on any other platform that meets the requirements.

5.7 or higher (including GNU diff) Optional, TWiki includes a pure Perl implementation of RCS that can be used instead (although it's slower)

GNU diff

GNU diff 2.7 or higher is required when not using the all-Perl RcsLite. Install on PATH if not included with RCS (check version with diff -v) Must be the version used by RCS, to avoid problems with binary attachments - RCS may have hard-coded path to diff

GNU df

Used by the site statistics to record disk usage statistics, optional. The df command is pre-installed on Linux and OS-X. On Windows install the CoreUtils for Windows.

A suitable version ships with TWiki since TWiki-6.0.2 using CgiContrib, e.g. it is no longer necessary to install or downgrade this module. Versions 2.89 and 3.37, as well as version > 4.13 must be avoided.

CGI::Carp

>=1.26

Config

>=0

Cwd

>=3.05

Data::Dumper

>=2.121

Encode

>=2.1

Error

Included in TWiki distribution

File::Copy

>=2.06

File::Find

>=1.05

File::Spec

>=3.05

File::Temp

>=0.18

This version included in Perl 5.9.5. File::Temp needs to be updated on RedHat 5 and CentOS 5.

Most of them will probably already be available in your installation. You can check version numbers with the configure script, or if you're still trying to get to that point, check from the command line like this:

perl -e 'use FileHandle; print $FileHandle::VERSION."\n"'

Client Requirements

CSS and Javascript are used in most skins, although there is a low-fat skin (Classic skin) available that minimizes these requirements. Some skins will require more recent releases of browsers. The default skin (Pattern) is tested on IE 6, Safari, and Mozilla 5.0 based browsers (such as Firefox).

Important note about TWiki Plugins

Notes on Installing TWiki on Non-Root Account

The following supplemental notes to the Basic Installation instructions apply to installing TWiki on a system where you don't have Unix/Linux root (administrator) privileges, for example, on a hosted Web account or an intranet server administered by someone else.

Step 2: If you cannot unpack the TWiki distribution directly in your installation directory, you can unpack the distribution on your local PC and then manually create the directory structure on your host server and upload the files as follows:

Using the table below, create a directory structure on your host server

Upload the TWiki files by FTP (transfer as text except for the image files in pub directory.)

Note: Don't worry if you are not able to put the twiki/lib directory at the same level as the twiki/bin directory (e.g. because CGI bin directories can't be under your home directory and you don't have root access). You can create this directory elsewhere and configure the twiki/bin/LocalLib.cfg file (done in Step 2).

Step 3: Files in the pub directory must be readable as a url. This means that directory permissions should be set to 755 (or 775 ) and file permissions should be set to 644 (or 664). If you can run a chmod command, you can accomplish this in two quick steps by running these commands from the root direct:

chmod -R 755 pub

chmod 644 `find pub -type f -print`

In addition, you should create a .htaccess file in the pub directory, using the template included in the distribution entitled misc/pub-htaccess.txt.

Step 6: In order to run the configure script, create a file called .htaccess in the bin directory that includes the following single line: SetHandler cgi-script . This informs the server to treat all the perl scripts in the bin directory as scripts.

Installing Manually Without Configure

It is highly recommended to use run configure from the browser when setting up TWiki. Configure does a lot of the hard work for you.

But there may be instances where you do not want to use configure or where configure simply won't run because of a missing dependency.

The manual steps you have to take are:

Copy the file lib/TWiki.spec to lib/LocalSite.cfg

Remove the comment # in front of $TWiki::cfg{DefaultUrlHost}, $TWiki::cfg{ScriptUrlPath}, $TWiki::cfg{PubUrlPath}, $TWiki::cfg{PubDir}, $TWiki::cfg{TemplateDir}, $TWiki::cfg{DataDir}, $TWiki::cfg{LocalesDir}, and $TWiki::cfg{OS} and make sure these settings have the correct values.

Make sure to define at least these settings: $TWiki::cfg{LoginManager}, $TWiki::cfg{WebMasterEmail}, $TWiki::cfg{SMTP}{MAILHOST}, $TWiki::cfg{SMTP}{SENDERHOST}.

TWiki Upgrade Guide

This guide covers upgrading from a previous version of TWiki (such as TWiki-5.1) to TWiki-6.0

Overview

TWiki-6.0.0 is a major release that has a shiny new dashboard look. It brings many usability enhancements, strengthens TWiki as an application platform, and scales to very large deployments with thousands of webs and a million pages. Use this guide to upgrade a previous TWiki release to TWiki-6.0. Use the TWikiInstallationGuide if you do not have data to carry forward.

Major Changes Compared to Earlier TWiki Releases

New Upgrade Option with BackupRestorePlugin

TWiki now has a new solution to backup, restore and upgrade TWiki sites. It can be used via browser and on the command line. The BackupRestorePlugin is pre-installed in TWiki-5.1 and later releases; it can be installed in older TWiki releases as low as TWiki-2001-09-01 (Athens Release) to easily create a backup that can be restored on a new TWiki release. This offers an easy upgrade path for TWiki. The plugin is currently in Beta, check TWiki:Plugins.BackupRestorePlugin for updates.

Upgrade Procedure

The following steps are a rough guide to upgrading only. It is impossible to give detailed instructions, as what you have to do may depend on whether you can configure the webserver or not, and how much you have changed distributed files in your current TWiki release.

The main steps are:

Install the new TWiki version, configure it, and get it to work similar to the old version

Install additional extensions (plugins) -- make sure to use the latest versions

Copy all the non-default webs from the old installation to the new

Copy the users from old installation to the new including all their topics from Main

Apply customizations to your skin (logos, menu bars etc)

Apply preferences from old installation

Switch-over

After the extensions are installed (or upgraded) in step 2, take a "golden" backup. That will come in handy for your next patch or upgrade: By checking the differences between the golden copy and your production copy, you will be able to identify all the modifications that you have applied to the core or extensions.

If you are upgrading from a 4.x.x release, you can carry over the configure settings from the old release.

You need to run configure and save the configuration once when you upgrade as this will update the altered and added settings.

You can also choose to start with a fresh configuration and walk through all the settings using your old twiki/lib/LocalSite.cfg as a reference. This way you will not have old obsolete settings in the new LocalSite.cfg.

If at any time during the installation you want to start over from fresh, delete the LocalSite.cfg file and re-run configure.

If you upgrade from an older TWiki your lib/TWiki.cfg from the old TWiki installation is a good resource for some of the settings you will need but you cannot reuse the old TWiki.cfg.

Make sure you have a working basic TWiki before you continue

Install Extensions

From TWiki-4.1.0 and on, the configure script which you ran during installation supports installation of additional plugins.

Manual installation is possible. Follow the instruction on the plugin page at twiki.org.

Check the plugin topics from your old TWiki installation. There may be plugin settings that you want to transfer to the new TWiki installation. Hint: For an easier upgrade later on, set the plugin preferences settings in the Main.TWikiPreferences topic, not in the plugin topic. To identify the plugin, prefix the name of the setting with the capitalized name of the plugin. For example, to change the DEFAULT_TYPE setting of the CommentPlugin, create a COMMENTPLUGIN_DEFAULT_TYPE setting in Main.TWikiPreferences.

InterWikis - If you added your own rules you should save this topic and not overwrite it.

SlideShowPlugin - Make sure you did not change the embedded 'Default Slide Template' If you did you should save it. It is a bad idea to do. It is better to define your own slide show templates as separate topics that do not get overwritten when you upgrade.

Copy your old webs to new TWiki

When upgrading from Cairo or earlier it may be necessary to unlock the rcs files in data and pub directories from the old installation using the following shell commands:

find data -name '*,v' -exec rcs -u -M '{}' \;

find pub -name '*,v' -exec rcs -u -M '{}' \;

Copy your local webs over to the data and pub directories of the new install. Do not copy the default webs: TWiki, Main, Trash, Sandbox, _default, and _empty.

Make sure all data and pub files and directories are owned by the webserver user.

Note: TWiki's WebChanges topics depend on the file timestamp. If you touch the .txt files make sure to preserve the timestamp, or to change them in the sequence of old file timestamps.

Copy Users And Their Topics From Main Web

Copy all the topics from the Main web and corresponding pub/Main directories from the old TWiki to the new TWiki but do not overwrite any of the new topics already inside the new Main directory!

Manually merge all the users from the old Main.TWikiUsers topic to the new TWiki. If you upgrade from Cairo you can simply use the old file and add the missing new system users to the list of users. If you upgrade from TWiki-4.0.x simply use the old topic. Starting from 4.2.0 TWiki no longer ships with a Main.TWikiUsers topic. When you register the first user TWiki now checks for an existing Main.TWikiUsers and if it does not exist it gets created.

If you want users to be able to use a login ID other than their WikiName, such as when using LDAP or SSO authentication, set the configure setting {Register}{AllowLoginName} to 1.

If you use data/.htpasswd for authentication copy this file from the old TWiki to the new.

If you upgrade from Cairo and you are using the Htpasswd login manager, then note that email addresses for users have moved out of user topics and into the password file. There is a script that performs this extra upgrade step for you - see tools/upgrade_emails.pl.

The old Sandbox web may have a lot of useful topic and users may use it actively for drafts. Manually select the topics (remember the corresponding pub directories) from the old Sandbox web and copy them to the one of the new TWiki. Decide if you want to overwrite the sandbox homepage and left menu bar or keep the new.

If you added or removed fields from the user topic form you may also have tailored TWiki.TWikiRegistration. Make sure you either reuse the registration topic from the old installation or apply the same field changes to the new TWiki.TWikiRegistration topic.

Starting from 4.2.0 TWiki ships with NewUserTemplate and UserForm in the TWiki web. If you choose to tailor anything you are strongly advised to copy NewUserTemplate and UserForm to the Main web and tailor the Main web copies. TWiki will look for the NewUserTemplate in the Main web first and if it does not exist it uses the default from the TWiki web. By creating a Main.NewUserTemplate and its Main.UserForm you will not loose your tailorings next time you upgrade TWiki.

Make sure all data and pub files and directories are owned by the webserver user.

Apply Preferences From Old Installation

Transfer any customized and local settings from TWiki.TWikiPreferences to the topic pointed at by {LocalSitePreferences} (Main.TWikiPreferences). Per default this is Main.TWikiPreferences. This avoids having to write over files in the distribution on a later upgrade.

If you changed any of the topics in the original TWiki distribution, you will have to transfer your changes to the new install manually. There is no simple way to do this, though a suggestion is to use 'diff' to find changed files in the data/TWiki of the old and new TWiki installation, and transfer the changes into the new TWiki install. If you can run a GUI on your server, you may find that using a visual diff tool like WinMerge, meld, kdiff3, xxdiff, etc. is helpful.

Compare the WebPreferences topics in the old TWiki Installation with the default from the new TWiki installation and add any new Preferences that may be relevant.

Compare the WebLeftBar topics in the old TWiki Installation with the default from the new TWiki installation and add any new feature that you desire.

Switch-Over

Once you have tested the new TWiki you can switch over to the new site.

If the same domain and URL is used:

Update the DNS settings of the TWiki domain with the IP address of the new TWiki server.

Keep in mind that the updated DNS is not seen immediately by all users at the same time. The DNS propagation can take several hours and depends on the time to live (TTL) setting. Because of this it is recommended to disable content update on the old server. You could simply rename or move all scripts in twiki/bin that allow content update, such as attach, edit, manage, rename, save, upload, rest. Alternatively, if you have a recent TWiki version on the old server you can set a READONLYSKINMODE = 1 setting in Main.TWikiPreferences to turn the skin into read-only mode.

If the domain or URL changes:

Add a DNS setting for the new TWiki domain if needed.

Redirect users visiting the old TWiki to the new TWiki. The TWiki:Plugins.MovedSkin has been designed for that task. Install it on your old TWiki, and configure it with the proper URL of the new TWiki. After that, users on the old TWiki will see a yellow box informing them of the move, with a link to the new URL of the page visited.

Customization of Special Pages

Some pages in the TWiki web are meant to be customized after choice of authentication. If you do not use the internal TWiki password manager the topics that contains the features for changing and resetting passwords and changing the email address should be changed to a note describing how to perform these tasks in your organization. If you have made such customizations remember to replace these topics in the TWiki web with the tailored versions from your old installation. The topics are:

TWiki.ChangePassword

TWiki.ResetPassword

TWiki.ChangeEmailAddress

Upgrading from Cairo to TWiki-4 (additional advice)

Favicon

TWiki-4's PatternSkin introduces the use of the favicon feature which most browsers use to show a small icon in front of the URL and for bookmarks.

In TWiki-4 it is assumed that each web has a favicon.ico file attached to the WebPreferences topic. When you upgrade from Cairo to TWiki-4 you do not have this file and you will get flooded with errors the error log of your web server. There are two solutions to this.

Attach a favicon.ico file to WebPreferences in each web.

Preferred: Change the setting of the location of favicon.ico in TWikiPreferences so all webs use the favicon.ico from the TWiki web. This is the fastest and easiest solution.

To change the location of favicon.ico in TWikiPreferences to the TWiki web add the following setting to Main.TWikiPreferences:

* Set FAVICON = %PUBURLPATH%/%SYSTEMWEB%/%WEBPREFSTOPIC%/favicon.ico

TWikiUsers topic in Main web

Your old Main.TWikiUsers topic will work in the new TWiki but you will need to ensure that the following four users from the TWikiUsersTemplate topic are copied to the existing TWikiUsers topic in proper alphabetical order:

TWikiContributor - placeholder for a TWiki developer, and is used in TWiki documentation

TWikiGuest - guest user, used as a fallback if the user can't be identified

TWikiRegistrationAgent - special user used during the new user registration process

UnknownUser - used where the author of a previously stored piece of data can't be determined

You additionally need to ensure that TWikiUsers has the Set ALLOWTOPICCHANGE = TWikiAdminGroup, TWikiRegistrationAgent access control setting. Otherwise people will not be able to register.

Important Changes since TWiki-4.0.5

Supported Perl version

TWiki 4.0.5 worked on Perl version 5.6.X. Reports from users has shown that unfortunately TWiki 4.1.0 does not support Perl versions older then 5.8.0. It is the goal that TWiki should work on at least Perl version 5.6.X but none of the developers have had access to Perl installations older than 5.8.0.

Since TWiki 4.1.0 has some urgent bugs the development team decided to release TWiki 4.1.1 without resolving the issue with Perl 5.6.X. We will however address this and try and resolve it for a planned 4.1.2 release. The TWiki community is very interested in contributions from users that have fixes for the code which will enable TWiki to run on older versions of Perl.

Template spec changed

Until TWiki 4.0.5 TWikiTemplates the text inside template definition blocks (anything between %TMPL:DEF{"block"}% and %TMPL:END% was stripped of leading and trailing white space incl new lines.

This caused a lot of problems for skin developers when you wanted a newline before or after the block text.

From TWiki 4.1.0 this has changed so that white space is no longer stripped. Skins like PatternSkin and NatSkin have been updated so that they work with the new behavior. But if you use an older skin or have written your own you will most likely need to make some adjustments.

It is not difficult. The general rule is - if you get mysterious blank lines in your skin, the newline after the %TMPL:DEF{"block"}% needs to be removed. Ie. the content of the block must follow on the same line as the TMPL:DEF.

The spec change have the same impact on CommentPlugin templates where you may have to remove the first line break after the TMPL:DEF. See the CommentPluginTemplate for examples of how comment template definitions should look like in TWiki-4.1.X

An example: A CommentPlugin template that adds a comment as appending a row to a table. Before the spec change this would work.

The advantage of the spec change is that now you can add leading and trailing white space including new lines. This was not possible before.

Important Changes since TWiki-4.1.0

New location for session and other temporary files

An upgrader upgrading to 4.1.1 should note the following important change

The directory for passthrough files and session files have been replaced by a common directory for temporary files used by TWiki. Previously the two configure settings {PassthroughDir} and {Sessions}{Dir} were by default set to /tmp. These config settings have been replaced by {TempfileDir} with the default setting value /tmp/twiki. If the twiki directory does not exist twiki will create it first time it needs it.

It is highly recommended no longer to use the tmp directory common to other web applications and the new default will work fine for most. You may want to delete all the old session files in /tmp after the upgrade to 4.1.1. They all start with cgisess_. It is additionally highly recommended to limit write access to the {TempfileDir} for security reasons if you have non-admin users with login access to the webserver just like you would do with the other webserver directories.

Important Changes since TWiki-4.1.2

New WYSIWYG Editor

TWiki now ships with a new WYSIWYG editor based on TinyMCE which replaces the Kupu based editor. TinyMCE is not a perfect Wysiwyg editor but it is magnitudes better than the previously used Kupu editor.

The WysiwygPlugin that drives the engine behind both TinyMCE has additionally been heavily improved so that fewer TWiki Applications are negatively affected by editing in WYSIWYG mode.

When TinyMCEPlugin is enabled, the Edit button by default becomes WYSIWYG editing mode. A new Raw Edit link has been added to enable application developers to edit the good old way.

The WYSIWYG button has been removed.

NEWTOPICLINKSYMBOL removed

The NEWTOPICLINKSYMBOL preference which was deprecated in 4.1 has now been removed from the code. If you want to control the appearance of new links, you can use NEWLINKFORMAT.

UserForm and NewUserTemplate Customization

When a new user registers on TWiki his user topic is created based on the NewUserTemplate and UserForm.

The NewUserTemplate was located in the TWiki web and the UserForm in the Main web. When upgrading TWiki these were some of the topics you had to take care not to overwrite.

From 4.2.0 the UserForm and NewUserTemplate are distributed in the TWiki web. If you create the two in the Main web the Main web version will be used instead. So if you tailor the user topic format or the form then you should always copy the two files to the Main web and modify the ones in the Main web. When you later upgrade TWiki your tailored template and form will not be overwritten.

TWikiUsers no longer distributed

The Main.TWikiUsers topic contains all the registered users. It is a topic you do not want to overwrite when you upgrade TWiki.

From 4.2.0 this file is no longer included in the TWiki distribution. When you register the first time TWiki creates the Main.TWikiUsers topic in the Main web if it does not exist already. This means that you can now upgrade TWiki without risk of overwriting the important TWikiUsers topic.

For new installers this makes no difference at all

For upgraders this is one less problem to worry about as your important Main.TWikiUsers topic now no longer gets overwritten when upgrading.

New working directory

A new working directory which by default is located in the twiki root, has been introduced which contains:

registration_approvals - with 4.2.0 it is moved to here from the data directory.

tmp - so we now avoid having to fight with special access rights and /tmp directory that gets cleaned out when booting.

work_areas - with 4.2.0 it is moved to here from the pub directory. Configure automatically moved the directory when you upgrade.

Note: Remember to restrict access to this new directory when you upgrade.

The configure setting {WorkingDir} defines the container directory for temporary files, extensions' work areas, and intermediate registration data. The default is working under your installation root.

Take care for that change if you run your own routine to delete obsolete session files, which will now be found under working/tmp/cgisess*.

New Internal Admin Login

TWiki 4.2 introduces a new Internal Admin Login feature which uses "admin" (configurable) as username and the password used for configure to become temporary administrator. When you do a new installation you need to use this feature as Main.TWikiAdminGroup is now access restricted by default to avoid security attacks during the hours an installation may take. From configure there is a link to the TWikiAdminGroup topic and on TWikiAdminGroup the step by step instructions are written in a yellow box. Our advice is not to remove this help text in case you need it later.

Important Changes since TWiki-5.0.0

New TopMenuSkin

The TopMenuSkin adds pulldown menus for better usability and corporate/modern look&feel. This skin is based on the PatternSkin, which used the WebLeftBar in each web for navigation. The TopMenuSkin has a new WebTopBar that defines the menu structure in each web. A default menu is shown in case WebTopBar is missing in a web, so you do not need to add a WebTopBar topic to all your existing webs. See TopMenuSkin#WebSpecific instructions in case you need a customized menu structure in a specific web.

Important Changes since TWiki-5.1.0

New Page Bookmarks Feature

A new bookmark feature has been introduced that replaces the personal left-bar links. Bookmarking a page is now a simple point and click operation: In the Account pulldown menu, select "Bookmark this page...". Existing bookmarks can be managed with an edit table in Main.<wikiname>Bookmarks topic, accessible via the "----- Bookmarks -----" pulldown menu of the Account pulldown.

The personal left-bar topics such as JohnSmithLeftBar are no longer used. Ask users to select the "----- Bookmarks -----" pulldown menu of the Account pulldown to initially create the bookmarks topic, then to either bookmark pages, or to manually copy & paste old left-bar links to the bookmarks topic.

User Profile Pages Tailored for Workplace

Previous user profile pages had a bare bones look and the form fields were more tailored for public TWiki sites. TWiki-5.1 brings a more visual/modern page layout with profile picture selector, as well as default form fields tailored for the workplace.

When upgrading user profile pages pay attention to the renamed and removed fields.

Important Changes since TWiki-6.0.0

Spec Change for Empty DENYTOPICVIEW

From TWiki 4.0 and prior to 6.0, the syntax * Set DENYTOPICVIEW = (nothing) in a topic means deny nobody the topic view. The reason for this behavior is that it allows public access to a topic in a restricted web, e.g. having * Set ALLOWWEBVIEW = Main.VipGroup in WebPreferences. This is not symmetric with the fact that an empty DENYWEBVIEW is the same as an undefined DENYWEBVIEW, hence confusing.

From TWiki 6.0 on, an empty DENYTOPICVIEW means the same as not defined. To open up a topic in a restricted web, you need to use * Set ALLOWTOPICVIEW = Main.AllUsersGroup. The Main.AllUsersGroup is new. It is a pseudo group containing all authenticated and unauthenticated users. You can use Main.AllAuthUsersGroup if you want to specify all authenticated users.

To keep publicly accessible topics in restricted webs publicly accessible, the tools/eliminate_emptydenytopic script is provided, which replaces * Set DENYTOPIC<action> = with * Set ALLOWTOPIC<action> = Main.AllUsersGroup in all topics in all webs.

TWiki User Authentication

TWiki site access control and user activity tracking options

Overview

Authentication, or "logging in", is the process by which a user lets TWiki know who they are.

Authentication isn't just about access control. TWiki uses authentication to identify users so it can keep track of who made changes, and manage a wide range of personal settings. With authentication enabled, users can personalise TWiki and contribute as recognised individuals, instead of ghosts.

TWiki authentication is very flexible, and can either stand alone or integrate with existing authentication schemes. You can set up TWiki to require authentication for every access or only for changes. Authentication is also essential for access control.

Quick Authentication Test - Use the %USERINFO% variable to return your current identity:

TWiki user authentication is split into four categories: Password management, user mapping, user registration, and login management. Password management deals with how users' personal data is stored. Registration deals with how new users are added to the wiki. Login management deals with how users log in.

Once a user is logged in, they can be remembered using a Client Session stored in a cookie in the browser (or by other less elegant means if the user has cookies disabled). This avoids the need of having to log in again and again.

TWiki user authentication is configured through the Security Settings pane in the configure interface.

Password Management

As shipped, TWiki supports the Apache 'htpasswd' password manager. This manager supports the use of .htpasswd files on the server. These files can be unique to TWiki, or can be shared with other applications (such as an Apache webserver). A variety of password encodings are supported for flexibility when re-using existing files. See the descriptive comments in the Security Settings section of the configure interface for more details.

You can easily plug in alternate password management modules to support interfaces to other third-party authentication databases.

User Mapping

Often, when you are using an external authentication method, you want to map from an unfriendly "login name" to a more friendly WikiName. Also, an external authentication database may well have user information you want to import into TWiki, such as user groups.

By default, TWiki supports mapping of usernames to wikinames, and supports TWiki groups internal to TWiki. If you want, you can plug in an alternate user mapping module to support importing groups and other entities.

User Registration

New user registration uses the password manager to set and change passwords, and to store email addresses. It is also responsible for the new user verification process. The registration process supports single user registration via the TWikiRegistration page, and bulk user registration via the BulkRegistration page (for admins only).

The registration process is also responsible for creating user topics and setting up the mapping information used by the User Mapping support.

Note: If you are restricting the entire Main web to TWikiGuest, you are required to add TWikiRegistrationAgent to ALLOWWEBCHANGE in your Main/WebPreferences. By doing so, new users are able to register without any errors.

Login Management

Login management controls how users log in. There are three basic options: No login, login via a TWiki login page, and login using webserver authentication support.

No Login (select none in configure)

No Login does exactly what it says. Forget about authentication to make your site completely public - anyone can browse and edit freely, in classic Wiki style. All visitors are given the TWikiGuest default identity so you can't track individual user activity.

Note: This setup is not recommended on public websites for security reasons; anyone would be able to change system settings and perform tasks usually restricted to administrators.

Template Login asks for a username and password in a web page, and processes them using whatever Password Manager you choose. Users can log in and log out. Client Sessions are used to remember users. Users can choose to have their session remembered so they will automatically be logged in the next time they start their browser.

Enabling Template Login

there is also an EXPERT configure setting {TemplateLogin}{PreventBrowserRememberingPassword} that you can set to prevent browsers from remembering usernames and passwords if you are concerned about public terminal usage.

Register yourself in the TWikiRegistration topic. Check that the password manager recognises the new user. If you are using .htpasswd files, check that a new line with the username and encrypted password is added to the .htpasswd file. If not, you probably got a path wrong, or the permissions may not allow the webserver user to write to that file.

Create a new topic to check if authentication works.

Edit the TWikiAdminGroup topic in the Main web to include users with system administrator status.This is a very important step, as users in this group can access all topics, independent of TWiki access controls.

At this time TWikiAccessControls cannot control access to files in the pub area, unless they are only accessed through the viewfile script. If your pub directory is set up in the webserver to allow open access you may want to add .htaccess files in there to restrict access.

You can create a custom version of the TWikiRegistration form by copying the topic, and then deleting or adding input tags in your copy. The name="" parameter of the input tags must start with: "Twk0..." (if this is an optional entry), or "Twk1..." (if this is a required entry). This ensures that the fields are carried over into the user profile page correctly. Do not modify the version of TWikiRegistration shipped with TWiki, as your changes will be overwritten next time you upgrade.

Apache Login (select TWiki::LoginManager::ApacheLogin in configure)

Using this method TWiki does not authenticate users internally. Instead it depends on the REMOTE_USER environment variable, which the webserver passes to TWiki when you enable authentication in the webserver (as described in RFC 3875 - "The Common Gateway Interface v1.1").

The advantage of this scheme is that if you have an existing website authentication scheme using Apache modules, such as mod_authnz_ldap or mod_authn_dbd, you can just plug in directly to them.

The disadvantage is that because the user identity is cached in the browser, you can log in, but you can't log out again unless you restart the browser.

TWiki maps the REMOTE_USER that was used to log in to the webserver to a WikiName using the table in TWikiUsers. This table is updated whenever a user registers, so users can choose not to register (in which case their webserver login name is used for their signature) or register (in which case that login name is mapped to their WikiName).

The same private .htpasswd file used in TWiki Template Login can be used to authenticate Apache users, using the Apache Basic Authentication support.

Warning: Do not use the Apache htpasswd program with .htpasswd files generated by TWiki! htpasswd wipes out email addresses that TWiki plants in the info fields of this file.

Enabling Apache Login using mod_auth

You can use any other Apache authentication module that sets REMOTE_USER.

Use configure to select the TWiki::LoginManager::ApacheLogin login manager.

Use configure to set up TWiki to create the right kind of .htpasswd entries.

Create a .htaccess file in the twiki/bin directory. There is an template for this file in twiki/bin/.htaccess.txt that you can copy and change. The comments in the file explain what needs to be done. If you got it right, the browser should now ask for a login name and password when you click on Edit. If .htaccess does not have the desired effect, you may need to "AllowOverride All" for the directory in httpd.conf (if you have root access; otherwise, e-mail web server support) At this time TWikiAccessControls do not control access to files in the pub area, unless they are only accessed through the viewfile script. If your pub directory is set up to allow open access you may want to add .htaccess files in there as well to restrict access

You can create a custom version of the TWikiRegistration form by copying the default topic, and then deleting or adding input tags in your copy. The name="" parameter of the input tags must start with: "Twk0..." (if this is an optional entry), or "Twk1..." (if this is a required entry). This ensures that the fields are carried over into the user profile page correctly. Do not modify the version of TWikiRegistration shipped with TWiki, as your changes will be overwritten next time you upgrade. The default new user template page is in TWiki.NewUserTemplate. The same variables get expanded as in the template topics. You can create a custom new user profile page by creating the Main.NewUserTemplate topic, which will then override the default.

Register yourself in the TWikiRegistration topic. Check that a new line with the username and encrypted password is added to the .htpasswd file. If not, you may have got a path wrong, or the permissions may not allow the webserver user to write to that file.

Create a new topic to check if authentication works.

Edit the TWikiAdminGroup topic in the Main web to include users with system administrator status.This is a very important step, as users in this group can access all topics, independent of TWiki access controls.

Logons via bin/logon

Any time a user requests a page that needs authentication, they will be forced to log on. It may be convenient to have a "login" link as well, to give the system a chance to identify the user and retrieve their personal settings. It may be convenient to force them to log in.

The bin/logon script enables this. If you are using Apache Login, the bin/logon script must be setup in the bin/.htaccess file to be a script which requires a valid user. Once authenticated, it will redirect the user to the view URL for the page from which the logon script was linked.

Sessions

TWiki uses the CPAN:CGI::Session and CPAN:CGI::Cookie modules to track sessions. These modules are de facto standards for session management among Perl programmers. If you can't use Cookies for any reason, CPAN:CGI::Session also supports session tracking using the client IP address.

You don't have to enable sessions to support logins in TWiki. However it is strongly recommended. TWiki needs some way to remember the fact that you logged in from a particular browser, and it uses sessions to do this. If you don't enable sessions, TWiki will try hard to remember you, but due to limitations in the browsers, it may also forget you (and then suddenly remember you again later!). So for the best user experience, you should enable sessions.

There are a number of TWikiVariables available that you can use to interrogate your current session. You can even add your own session variables to the TWiki cookie. Session variables are referred to as "sticky" variables.

Getting, Setting, and Clearing Session Variables

You can get, set, and clear session variables from within TWiki web pages or by using script parameters. This allows you to use the session as a personal "persistent memory space" that is not lost until the web browser is closed. Also note that if a session variable has the same name as a TWiki preference, the session variables value takes precedence over the TWiki preference. This allows for per-session preferences.

To make use of these features, use the variables:

%SESSION_VARIABLE{ "varName" }%

Read a session variable

%SESSION_VARIABLE{ "varName" set="varValue" }%

Set a session variable

%SESSION_VARIABLE{ "varName" clear="" }%

Clear a session variable

Special read-only session variables:

%SESSION_VARIABLE{"AUTHUSER"}% - user ID, current value:

%SESSION_VARIABLE{"SESSION_REQUEST_NUMBER"}% - number of pages accessed by current user since login, current value:

Notes:

You cannot override access controls preferences this way.

You can use the SetGetPlugin to set and get variables that are not user specific. This plugin can store variables persistently if needed.

Cookies and Transparent Session IDs

TWiki normally uses cookies to store session information on a client computer. Cookies are a common way to pass session information from client to server. TWiki cookies simply hold a unique session identifier that is used to look up a database of session information on the TWiki server.

For a number of reasons, it may not be possible to use cookies. In this case, TWiki has a fallback mechanism; it will automatically rewrite every internal URL it sees on pages being generated to one that also passes session information.

TWiki Username vs. Login Username

This section applies only if you are using authentication with existing login names (i.e. mapping from login names to WikiNames).

Login Username: When you login to the intranet, you use your existing login username, ex: pthoeny. This name is normally passed to TWiki by the REMOTE_USER environment variable, and used internally. Login Usernames are maintained by your system administrator.

TWiki Username: Your name in WikiNotation, ex: PeterThoeny, is recorded when you register using TWikiRegistration; doing so also generates a user profile page in the Main web.

TWiki can automatically map an Intranet (Login) Username to a TWiki Username if the {AllowLoginName} is enabled in configure. The default is to use your WikiName as a login name.

NOTE:To correctly enter a WikiName - your own or someone else's - be sure to include the Main web name in front of the Wiki username, followed by a period, and no spaces, for example Main.WikiUsername or %USERSWEB%.WikiUsername.
This points WikiUsername to the Main web, where user profile pages are located, no matter which web it's entered in. Without the web prefix, the name appears as a NewTopic everywhere but in the Main web.

Changing Passwords

If your {PasswordManager} supports password changing, you can change and reset passwords using forms on regular pages.

Changing E-mail Addresses

If the active {PasswordManager} supports storage and retrieval of user e-mail addresses, you can change your e-mail using a regular page. As shipped, this is true only for the Apache 'htpasswd' password manager.

How to choose an authentication method

One of the key features of TWiki is that it is possible to add HTML to topics. No authentication method is 100% secure on a website where end users can add HTML, as there is always a risk that a malicious user can add code to a topic that gathers user information, such as session IDs. TWiki developers have been forced to make certain tradeoffs, in the pursuit of efficiency, that may be exploited by a hacker.

This section discusses some of the known risks. You can be sure that any potential hackers have read this section as well!

At one extreme, the most secure method is to use TWiki via SSL (Secure Sockets Layer), with a login manager installed and Client Sessions turned off.

Using TWiki with sessions turned off is a pain, though, as with all the login managers there are occasions where TWiki will forget who you are. The best user experience is achieved with sessions turned on.

As soon as you allow the server to maintain information about a logged-in user, you open a door to potential attacks. There are a variety of ways a malicious user can pervert TWiki to obtain another users session ID, the most common of which is known as a cross-site scripting attack. Once a hacker has an SID they can pretend to be that user.

To help prevent these sorts of attacks, TWiki supports IP matching, which ensures that the IP address of the user requesting a specific session is the same as the IP address of the user who created the session. This works well as long as IP addresses are unique to each client, and as long as the IP address of the client can't be faked.

Session IDs are usually stored by TWiki in cookies, which are stored in the client browser. Cookies work well, but not all environments or users permit cookies to be stored in browsers. So TWiki also supports two other methods of determining the session ID. The first method uses the client IP address to determine the session ID. The second uses a rewriting method that rewrites local URLs in TWiki pages to include the session ID in the URL.

The first method works well as long as IP addresses are unique to each individual client, and client IP addresses can't be faked by a hacker. If IP addresses are unique and can't be faked, it is almost as secure as cookies + IP matching, so it ranks as the fourth most secure method.

If you have to turn IP matching off, and cookies can't be relied on, then you may have to rely on the second method, URL rewriting. This method exposes the session IDs very publicly, so should be regarded as "rather dodgy".

Most TWiki sites don't use SSL, so, as is the case with most sites that don't use SSL, there is always a possibility that a password could be picked out of the ether. Browsers do not encrypt passwords sent over non-SSL links, so using Apache Login is no more secure than Template Login.

Of the two shipped login managers, Apache Login is probably the most useful. It lets you do this sort of thing:
wget --http-user=RogerRabbit --http-password=i'mnottelling http://www.example.com/bin/save/Sandbox/StuffAUTOINC0?text=hohoho,%20this%20is%20interesting
i.e. pass in a user and password to a request from the command-line. However it doesn't let you log out.

Template Login degrades to url re-writing when you use a client like dillo that does not support cookies. However, you can log out and back in as a different user.

Finally, it would be really neat if someone was to work out how to use certificates to identify users.....

TWiki Access Control

Restricting read and write access to topics and webs, by Users and groups

TWiki Access Control allows you restrict access to single topics and entire webs, by individual user and by user Groups. Access control, combined with TWikiUserAuthentication, lets you easily create and manage an extremely flexible, fine-grained privilege system.

An Important Control Consideration

Your organization will learn that, while fostering an open collaborative environment, soft security (peer review), together with version control (complete audit trail) will take care of any security concern you might have.

Open, free-form editing is the essence of WikiCulture - what makes TWiki different and often more effective than other collaborative environments. For that reason, it is strongly recommended that decisions to restrict read or write access to a web or a topic are made with great care - the more restrictions, the less wiki in the mix. Experience shows that unrestricted write access works very well because:

Peer influence is enough to ensure that only relevant content is posted.

Peer editing - the ability for anyone to rearrange all content on a page - keeps topics focused.

In TWiki, content is transparently preserved under revision control:

Edits can easily be rolled back to a previous revision if needed.

Users are encouraged to edit and refactor (condense a long topic), since there's a safety net.

As a collaboration guideline:

Create broad-based Groups (for more and varied input), and...

Avoid creating view-only topics (if you can read it, you should be able to contribute to it).

Permissions settings of the webs on this TWiki site

A blank in the the above table may mean either the corresponding control is absent or commented out or that it has been set to a null value. The two conditions have dramatically different and possibly opposed semantics.

Authentication vs. Access Control

Access control: Restrict access to content based on users and groups once a user is identified.

Users and Groups

Access control is based on the familiar concept of Users and Groups. Users are defined by their WikiNames. They can then be organized in unlimited combinations by inclusion in one or more user Groups. For convenience, Groups can also be included in other Groups.

Managing Users

A user can create an account in TWikiRegistration. The following actions are performed:

WikiName and encrypted password are recorded using the password manager if authentication is enabled.

A confirmation e-mail is sent to the user.

A user profile page with the WikiName of the user is created in the Main web.

The default visitor name is TWikiGuest. This is the non-authenticated user.

Managing Groups

The following describes the standard TWiki support for groups. Your local TWiki may have an alternate group mapping manager installed. Check with your TWiki administrator if you are in doubt.

Groups are defined by group topics located in the Main web. To create a new group, visit TWikiGroups and enter the name of the new group ending in Group into the "new group" form field. This will create a new group topic with two important settings:

Set GROUP = < list of Users and/or Groups >

Set ALLOWTOPICCHANGE = < list of Users and/or Groups >

The GROUP setting is a comma-separated list of users and/or other groups. Example:

Set GROUP = SomeUser, OtherUser, SomeGroup

The ALLOWTOPICCHANGE setting defines who is allowed to change the group topic; it is a comma delimited list of users and groups. You typically want to restrict that to the members of the group itself, so it should contain the name of the topic. This prevents users not in the group from editing the topic to give themselves or others access. For example, for the MarketingGroup topic write:

Set ALLOWTOPICCHANGE = MarketingGroup

Note: TWiki has strict formatting rules. Make sure you have a real bullet. (In raw edit it is three or six spaces, an asterisk, and an extra space in front of any access control rule.)

The Super Admin Group

A number of TWiki functions (for example, renaming webs) are only available to administrators. Administrators are simply users who belong to the SuperAdminGroup. This is a standard user group, the name of which is defined by {SuperAdminGroup} setting in configure. The default name of this group is the TWikiAdminGroup. The system administrator may have chosen a different name for this group if your local TWiki uses an alternate group mapping manager but for simplicity we will use the default name TWikiAdminGroup in the rest of this topic.

You can create new administrators simply by adding them to the TWikiAdminGroup topic. For example,

Set GROUP = RobertCailliau, TimBernersLee

A member of the Super Admin Group has unrestricted access throughout the TWiki, so only trusted staff should be added to this group.

Restricting Access

You can define who is allowed to read or write to a web or a topic. Note that some plugins may not respect access permissions.

Restricting VIEW blocks viewing and searching of content. When you restric VIEW to a topic or web, this also restricts INCLUDE and Formatted SEARCH from showing the content of the topics.

Note that there is an important distinction between CHANGE access and RENAME access. A user can CHANGE a topic, but thanks to version control their changes cannot be lost (the history of the topic before the change is recorded). However if a topic or web is renamed, that history may be lost. Typically a site will only give RENAME access to administrators and content owners.

Controlling access to a Web

You can define restrictions on who is allowed to view a TWiki web. You can restrict access to certain webs to selected Users and Groups, by:

authenticating all webs and restricting selected webs: Topic access in all webs is authenticated, and selected webs have restricted access.

authenticating and restricting selected webs only: Provide unrestricted viewing access to open webs, with authentication and restriction only on selected webs.

You can define these settings in the WebPreferences topic, preferable towards the end of the topic:

Set DENYWEBVIEW = < comma-delimited list of Users and Groups >

Set ALLOWWEBVIEW = < comma-delimited list of Users and Groups >

Set DENYWEBCHANGE = < comma-delimited list of Users and Groups >

Set ALLOWWEBCHANGE = < comma-delimited list of Users and Groups >

Set DENYWEBRENAME = < comma-delimited list of Users and Groups >

Set ALLOWWEBRENAME = < comma-delimited list of Users and Groups >

For example, set this to restrict a web to be viewable only by the MarketingGroup:

Set ALLOWWEBVIEW = Main.MarketingGroup

If your site allows hierarchical webs, then access to sub-webs is determined from the access controls of the parent web, plus the access controls in the sub-web. So, if the parent web has ALLOWWEBVIEW set, this will also apply to the subweb. Also note that you will need to ensure that the parent web's FINALPREFERENCES does not include the access control settings listed above. Otherwise you will not be able override the parent web's access control settings in sub-webs.

Creation and renaming of sub-webs is controlled by the WEBCHANGE setting on the parent web (or ROOTCHANGE for root webs). Renaming is additionally restricted by the setting of WEBRENAME in the web itself.

Note: If you restrict access to the Main, make sure to add the TWikiRegistrationAgent so that users can register. Example:

Set ALLOWWEBCHANGE = TWikiAdminGroup, TWikiRegistrationAgent

Note: For Web level access rights Setting any of these settings to an empty value has the same effect as not setting them at all. Please note that the documentation of TWiki 4.0 and earlier versions of TWiki 4.1 did not reflect the actual implementation, e.g. an empty ALLOWWEBVIEW does not prevent anyone from viewing the web, and an an empty DENYWEBVIEW does not allow all to view the web.

Controlling access to a Topic

You can define these settings in any topic, preferable towards the end of the topic:

Set DENYTOPICVIEW = < comma-delimited list of Users and Groups >

Set ALLOWTOPICVIEW = < comma-delimited list of Users and Groups >

Set DENYTOPICCHANGE = < comma-delimited list of Users and Groups >

Set ALLOWTOPICCHANGE = < comma-delimited list of Users and Groups >

Set DENYTOPICRENAME = < comma-delimited list of Users and Groups >

Set ALLOWTOPICRENAME = < comma-delimited list of Users and Groups >

For example, set this to restrict a topic to be viewable only by the MarketingExecGroup:

Set ALLOWTOPICVIEW = Main.MarketingExecGroup

See "How TWiki evaluates ALLOW/DENY settings" below for more on how ALLOW and DENY interacts.

If the same setting is defined multiple times the last one overrides the previous. They are not OR'ed together.

Allowing public access to specific topics in a restricted web

You may want to completely open up access to a specific topic within a restricted web - allowing access by anybody. There is a special group for that - Main.AllUsersGroup. The following setting allows view access to the topic by anybody even if they are not authenticated.

Set ALLOWTOPICVIEW = Main.AllUsersGroup

Alternatively, you can grant access only to authenticated users by Main.AllAuthUsersGroup. If an unauthenticated user accesses a topic having the following setting, they are asked to authenticate themself.

Set ALLOWTOPICVIEW = Main.AllAuthUsersGroup

Remember when opening up access to specific topics within a restricted web that other topics in the web - for example, the WebLeftBar - may also be accessed when viewing the topics. The message you get when you are denied access should tell you what topic you were not permitted to access.

As mentioned in the following section, meaning of an empty value set to DENYTOPICVIEW, DENYTOPICCHANGE, and DENYTOPICRENAME has been changed in TWiki 6.0.
To keep those TWiki topics having empty DENYTOPICOPERAION accessible by everybody, those need to be replaced with

Set ALLOWTOPICOPERATION = Main.AllUsersGroup

For that, tools/eliminate_emptydenytopic is provided.
After upgrading from pre 6.0 to post 6.0, you need to run it.

Empty values in access control variables

Setting an empty value to an access control variable is the same as not setting at all:

Set ALLOWTOPICVIEW =

Since TWiki 4.0 and prior to TWiki 6.0 setting DENYTOPICVIEW, DENYTOPICCHANGE, or DENYTOPICRENAME to an empty value meant "do not deny anyone regardless of the corresponding ALLOWTOPICX", which is no longer the case. Back then, setting an empty value to DENYTOPICX was the only way to open up a topic to everybody in a restricted web. Now that we have AllUsersGroup and AllAuthUsersGroup, there is no need for that behaviour, which caused a lot of confusion and debate.

Securing File Attachments

By default, TWiki does not secure file attachments. Without making the following changes to the twiki.conf file, it is possible for anyone who has access to the server to gain access to an attachment if they know the attachment's fully qualified path, even though access to the topic associated with the attachment is secured. This is because attachments are referred to directly by Apache, and are not by default delivered via TWiki scripts. This means that the above instructions for controlling to topics do not apply to attachments unless you make the changes as described below.

An effective way to secure attachments is to apply the same access control settings to attachments as those applied to topics. This security enhancement can be accomplished by instructing the webserver to redirect accesses to attachments via the TWiki viewfile script, which honors the TWiki access controls settings to topics. See the notes below for implications.

The preferred method to secure attachments is by editing the twiki.conf file to include:

Images embedded in topics will load slower since attached images will also be delivered by the viewfile script. The TWiki web and Sandbox web are excluded for performance reasons.

The viewfile script sets the mime type based upon file name suffix. Unknown types are served as text/plain which can result in corrupt files.

Controlling who can manage top-level webs

Top level webs are a special case, because they don't have a parent web with a WebPreferences. So there has to be a special control just for the root level.

You can define these settings in the Main.TWikiPreferences topic, preferable towards the end of the topic:

Set DENYROOTCHANGE = < comma-delimited list of Users and Groups >

Set ALLOWROOTCHANGE = < comma-delimited list of Users and Groups >

Note that you do not require ROOTCHANGE access to rename an existing top-level web. You just need WEBCHANGE in the web itself.

How TWiki evaluates ALLOW/DENY settings

When deciding whether to grant access, TWiki evaluates the following rules in order (read from the top of the list; if the logic arrives at PERMITTED or DENIED that applies immediately and no more rules are applied). You need to read the rules bearing in mind that VIEW, CHANGE and RENAME access may be granted/denied separately.

the access control setting is ignored. Attention: The spec changed in TWiki-6.0; access was permitted in earlier TWiki releases.

If ALLOWTOPIC is set

people in the list are PERMITTED

everyone else is DENIED

If DENYWEB is set to a list of wikinames

people in the list are DENIED access

If ALLOWWEB is set to a list of wikinames

people in the list will be PERMITTED

everyone else will be DENIED

If you got this far, access is PERMITTED

Allowing web creation by user mapping manager

There are cases where DENYROOTCHANGE, ALLOWROOTCHANGE, DENYWEBCHANGE, and ALLOWWEBCHANGE, and DENYWEBCHANGE are not capable enough to implement web creation permission you want.
To cope with such cases, when a new web is created, the canCreateWeb($cUID, $web) method of the user mapping manager is called if the method exists.
If it returns true, TWiki goes ahead and create the web without checking access control variables.
Please read AllowWebCreateByUserMappingManager for more details.

Forbid certain users to do certain actions by configuration

You may have an unruly registered users (e.g. a crawler program) who don't follow the rules while you don't have control over such users.
And the web application container in which TWiki is installed may be managed by somebody else and you don't have tight and quick control.

To cope with such situations, certain users can be forbidden certain scripts by setting {ForbidUserAction}.
A good example is worth more than a lengthy explanation, so here it is:

If a script list is preceded by !, only the listed scripts are permitted for the user. ! at the beginning of the list negates the list.

TotallyForbidden is forbidden all actions. Here's the logic. There is no script named nothing, which means all scripts don't match "nothing", hence all scripts are forbidden.

And here are some rules:

Spaces, tabs, new lines are ignored

It consists of semicolon separated list of per-user specifications

A specification consists of a user name, colon, and a comma separated list of scripts

A user name needs to be in the canonical form. In most cases the canonical user name is the same as the wiki name. But if you are using non-standard user mapping, the canonical user name of a user is different from the wiki name.

User masquerading

There are cases where it's handy to access TWiki on behalf of somebody else retaining a trace of your real identity rather than completely becoming a different user.
We call it user masquerading.
TWiki provides a framework to implement that.
Please read UserMasquerading for more information.

This is an advanced feature and not many TWiki sites are using, but there is a part in the following section mentioning it, it's mentioned here.

Dynamic access control

There are pitfalls and you need to harden your web to avoid unexpected access.
Before using this feature, please read this entire section through carefully.

You may want to restrict access dynamically -- based on topic name, a form field value, or some combination of factors.
To cope with such situations, the dynamic access control mechanism is provided.
If you set DYNAMIC_ACCESS_CONTROL 'on' at WebPreferences of the web, TWiki variables in access control variables mentioned above are expanded.

Example 1 - restriction based on topic name

Let's assume you need to restrict changes only to the CroniesGroup members except with topics whose name ends with Public, which need be changed by anybody. That is achieve by the following settings on WebPrefences.

Specifically the following access control variables are subject to TWiki variable expansion in their values.

DENYTOPIC* (e.g. DENYTOPICVIEW, DENYTOPICCHANGE)

ALLOWTOIPC*

DENYWEB*

ALLOWWEB*

DENYROOT* and ALLOWROOT* are not subject to variable expansion.
Because there has been no good use cases presented.

Dynamic access control in accessing a different web's topic

Let's assume WebA has the following lines on WebPreferences.

* Set DYNAMIC_ACCESS_CONTROL = on
* Set MEMBERS = JaneSmith, JoeSchmoe
* Set ALLOWWEBVIEW = %MEMBERS%

This is not a good way to use dynamic access control but it does restrict access only to those listed in MEMBERS.
However, access control doesn't work as expected when WebA.TopicB is accessed from WebC.TopicD by %INCLUDE{WebA.TopicB}% or other variables.
This is because %MEMBERS% is defined in WebA and may have a different value in other webs.

You may think the following lines cheat the access control on WebA but actually not.

* Set MEMBERS = %WIKINAME%
%INCLUDE{WebA.TopicB}%

This is because when a topic (e.g. WebC.TopicD) is accessed from browser and the topic refers to another topic in a different web (e.g. WebA.TopicB) and the different web employs dynamic access control, access to another topic is defined being on the safer side.

Topic level dynamic access control

On a topic, it's possible to use a variable defined on the topic for topic level access restriction. E.g.

* Set MEMBERS = JaneSmith, JoeSchmoe
* Set ALLOWTOPICVIEW = %MEMBERS%

[This is not a good way to use dynamic access control

Dynamic access control and user masquerading

Your user mapping handler may be providing the UserMasquerading feature.
In that case, you expect dynamic access control to just work when user masquerading is in effect.
Otherwise, you cannot test if your dynamic access control configuration is working as expected on your own.

Dynamic access control does work as expected even if user masquerading is in effect. For that, the following things are happening under the hood.

Let's think about Example 2 mentioned above.
When you masquerading as SomebodyElse, you need to be able to see SomebodyElse's requests only.
In the access control setting, a form field value is compared with %WIKINAME%.
While user masquerading is in effect, your wiki name is YourNameOnBehalfOfSomebodyElse. It cannot match the form field value.

To make dynamic access control work under these circumstances, variable expansion for dynamic access control is skewed as follows.
Specifically, the following variables are expanded to the value of SomeboyElse's rather than YourNameOnBehalfOfSomebodyElse's.

WIKINAME

USERNAME

WIKIUSERNAME

Avoiding vulnerability

By default, user level preferences are read before web level preferences.
This means a user can set a preferences variable at the user level and finalise it.
To prevent this sort of attack, you need to harden your web or site by disabling user preferences by e.g. having the following line on lib/LocalSite.cfg

$TWiki::cfg{DemoteUserPreferences}= 1;

and having the following line on your WebPreferences and then finalise DENYUSERPREFEENCES.

Again by default, predefined variables such as %IF{...}% can be overridden by preferences variables.
If user preferences are disabled, ordinary users cannot attack using user preferences, but topic level preferences may cause unexpected consequences.
As such, all predefined variables need to be made un-overridable by having the following line on WebPreferences and then finalise OVERRIDABLEPREDEFINEDVARIABLES.

Disabling dynamic access control

You may not be comfortable with dynamic access control because it may slow things down. Or you may not want to be bothered by questions raised by users about it. If so, you can disable it by setting DYNAMIC_ACCESS_CONTROL 'off' and then finalizing at the local site level. (cf. TWikiVariables#Setting_Preferences_Variables)

Access control and INCLUDE

ALLOWTOPICVIEW and ALLOWTOPICCHANGE only applies to the topic in which the settings are defined. If a topic A includes another topic B, topic A does not inherit the access rights of the included topic B.

Examples: Topic A includes topic B

If the included topic B has ALLOWTOPICCHANGE set to block editing for a user, it does not prevent editing the including topic A.

If the included topic B has ALLOWTOPICVIEW set to block view for a user, the user can still view topic A but he cannot see the included topic B. He will see a message No permission to view B

Customizing "access denied" message

When access is denied, a page as follows is displayed:

You may want to customize the passage annotated in the red rectangle.
For example, with a web restricting access, you may want to show the link to an access request form.

You can achieve that by setting TOPIC_ACCESS_CONTACT varialbe on WebPreferences. e.g.

* Set TOPIC_ACCESS_CONTACT = If you need to access this site, please apply [[Main.AccessForm][here]]

Please note that setting it on a topic other than WebPreferences does not take effect.
This is a limitation of the current implementation.

Custom user/group notations

In a large organization, TWiki may need to depend on user and group data provided by its infrastructure.
Custom user/group notations are handy in such situations though it's not trivial to implement.
Please read here for details.

Access Control quick recipes

Restrict Access to Whole TWiki Site

In a firewalled TWiki, e.g. an intranet wiki or extranet wiki, you want to allow only invited people to access your TWiki. There are three options:

1. Install TWiki Behind Firewall:

The firewall takes care of giving access to TWiki to authorized people only. This is a typical setup for a company wiki. As for TWiki configuration, no special setup is needed.

2. Extranet TWiki Using Template Login:

All TWiki content (pages and attachments) need to be access controlled. The Template Login allows users to login and logout. Only logged in users can access TWiki content.

Configuration: Follow the default setup, then change these configure settings:

When you install additional plugins make sure to add scripts they might introduce also to twiki/bin also to the {AuthScripts} configure setting. Attention: Some scripts of additional plugins might not be aware of TWiki's template login. Test all new scripts with a non-authenticated user!

3. Extranet TWiki Using Apache Login:

All TWiki content (pages and attachments) need to be access controlled. The Apache Login does not offer a logout; typically the browser needs to be restarted to logout. Only logged in users can access TWiki content.

Configuration: Enable user authentication with ApacheLogin and lock down access to the whole twiki/bin and twiki/pub directories to all but valid users. In the Apache config file for TWiki (twiki.conf or .htaccess), replace the <FilesMatch "(attach|edit|... section with this:

<FilesMatch ".*">
require valid-user
</FilesMatch>

Notes:

In all three options, content can be restricted selectively with ALLOWWEBVIEW and other access control settings documented above. See also the next quick recipe.

In the extranet setup, someone with access to the site needs to register new users. If you still want public users to be able to register automatically follow TWiki:TWiki.RegisterOnViewRestrictedSite.

Authenticate and Restrict Selected Webs Only

Use the following setup to provide unrestricted viewing access to open webs, with authentication only on selected webs. Requires TWikiUserAuthentication to be enabled.

Restrict view access to selected Users and Groups. Set one or both of these variables in its WebPreferences topic:

Set DENYWEBVIEW = < list of Users and Groups >

Set ALLOWWEBVIEW = < list of Users and Groups >

Note:DENYWEBVIEW is evaluated before ALLOWWEBVIEW. Access is denied if the authenticated person is in the DENYWEBVIEW list, or not in the ALLOWWEBVIEW list. Access is granted if DENYWEBVIEW and ALLOWWEBVIEW are not defined.

Hide Control Settings

Tip: To hide access control settings from normal browser viewing, you can put them into the topic preference settings by clicking the link Edit topic preference settings under More topic actions menu. Preferences set in this manner are not visible in the topic text, but take effect nevertheless. Access control settings added as topic preference settings are stored in the topic meta data and they override settings defined in the topic text.

Alternatively, place them in HTML comment markers, but this exposes the access setting during ordinary editing.

<!-- * Set DENYTOPICCHANGE = Main.SomeGroup-->

Obfuscating Webs

Another way of hiding webs is to keep them hidden by not publishing the URL and by preventing the all webs search option from accessing obfuscated webs. Do so by enabling the NOSEARCHALL variable in WebPreferences:

Set NOSEARCHALL = on

This setup can be useful to hide a new web until content its ready for deployment, or to hide view access restricted webs.

Note: Obfuscating a web without view access control is very insecure, as anyone who knows the URL can access the web.

Read-only Skin Mode

It is possible to turn the PatternSkin and TopMenuSkin into read-only mode by removing the edit and attach controls (links and buttons). This is mainly useful if you have TWiki application pages or dashboards where you do not want regular users to change content. The read-only skin mode is not a replacement for access control; you can use it in addition to access control. Details at PatternSkinCustomization#ReadOnlySkinMode.

Configuring access control for topics of a certain name in all webs

You may need to restrict access to topics of a certain name in all webs.
For example, there might be an add-on refering to a certain topic of all webs.
And the add-on does things only administrators are supposed to do.
In that case, change to the topic needs to be restricted only to administrators
and must not be overridable.

Let's say there is AutomationAddOn which refers to WebAutomation of all webs.
And WebAutomation needs to be modifable only by administrators.
That can be achieved by the following configuration.

$TWiki::cfg{Access}{Topic}{TOPICNAME} has precedence over DENYTOPIC* and ALLOWTOPIC*.
For example, if the configuration for WebAutomation is there as above, there is no way to allow non-adminsitrators to change the WebAutomation topic of any web.

As a way to configure access control, this may look crude.
The reason why configured this way is that this can be part of plugin/add-on/contrib's configuration.
For example, Config.spec of AutomationAddOn would have the following lines, with which proper access control to WebAutomation topics is implemented without the administrator knowing it.

TWiki Text Formatting

These instructions are for contributors who prefer to use the Raw Edit over the default WYSIWYG editor. Working in TWiki is as easy as typing in text. You don't need to know HTML, though you can use it if you prefer. Links to topics are created automatically when you enter WikiWords. And TWiki shorthand gives you all the power of HTML with a simple coding system that takes no time to learn. It's all laid out below.

TWiki Editing Shorthand

Formatting Command:

You write:

You get:

Paragraphs:
Blank lines will create new paragraphs.

1st paragraph
2nd paragraph

1st paragraph

2nd paragraph

Headings:
Three or more dashes at the beginning of a line, followed by plus signs and the heading text. One plus creates a top level heading, two pluses a second level heading, etc. The maximum heading depth is 6.

You can create a table of contents with the %TOC% variable.
If you want to exclude a heading from the TOC, put !! after the ---+.
Empty headings are allowed and won't appear in the table of contents.

---++ Sushi
---+++ Maguro
---+++!! Not in TOC

Sushi

Maguro

Not in TOC

Bold Text:
Words get shown in bold by enclosing them in * asterisks.

*Bold*

Bold

Italic Text:
Words get shown in italic by enclosing them in _ underscores.

_Italic_

Italic

Bold Italic:
Words get shown in bold italic by enclosing them in __ double-underscores.

__Bold italic__

Bold italic

Fixed Font:
Words get shown in fixed font by enclosing them in = equal signs.

You can follow the closing bold, italic, or other (* _ __ = ==) indicator
with normal punctuation, such as commas and full stops.
Make sure there is no space between the text and the indicators.
All words enclosed by the indicators need to be on the same line.

_This works_,
_this does not _
_this fails
too_

This works,
_this does not _
_this fails
too_

Separator (Horizontal Rule):
Three or more three dashes at the beginning of a line..

-------

Bulleted List:
Multiple of three spaces, an asterisk, and another space.
For all the list types, you can break a list item over several lines by indenting lines after the first one by at least 3 spaces.

* level 1
* level 2
* back on 1
* A bullet
broken over
three lines
* last bullet

level 1

level 2

back on 1

A bullet broken over three lines

last bullet

Icon List:
Multiple of three spaces, an asterisk, text icon:name and another space.
Use the name of any TWikiDocGraphics icon.

WikiWord Links:
CapitalizedWordsStuckTogether (or WikiWords) will produce a link automatically if preceded by whitespace or parenthesis.
If you want to link to a topic in a different web write Otherweb.TopicName.
To link to a topic in a subweb write Otherweb.Subweb.TopicName.
The link label excludes the name of the web, e.g. only the topic name is shown. As an exception, the name of the web is shown for the WebHome topic.
Dots '.' are used to separate webs and subwebs from topic names and therefore cannot be used in topic names.

It's generally a good idea to use the TWikiVariables %SYSTEMWEB% and %USERSWEB% instead of TWiki and Main.

Anchors:
You can define a reference inside a TWiki topic (called an anchor name) and link to that. To define an anchor write #AnchorName at the beginning of a line. The anchor name must be a WikiWord of no more than 32 characters. To link to an anchor name use the [[MyTopic#MyAnchor]] syntax. You can omit the topic name if you want to link within the same topic.

External Links:
URLs starting with file, ftp, gopher, http, https, irc, mailto, news, nntp and telnet are linked automatically if preceded by whitespace or parenthesis. External links are indicated with a trailing icon, and open up in a new browser tab or window; the behavior of both can be set in configure or preferences variables (see TWikiExternalLinks for details). Links can be prevented with an ! exclamation point prefix.

Forced Links:
Use double square brackets to create forced links: Write [[link]] or [[link][label]] to force a link. Use the former for singleton words and if automatic linking is disabled. Use the latter one to specify a link label other than the link. For the link, you can use internal link references (e.g. WikiWords) and URLs (e.g. http://TWiki.org/).
URL parameters can follow a WikiWord Anchor names can be added to create a link to a specific place in a document.
To "escape" double square brackets that would otherwise make a link, prefix the leading left square bracket with an exclamation point.
The topic title instead of the topic name is shown for [[WikiWord]] links if the SHOWTOPICTITLELINK preferences setting is enabled.

Topic Title Links:
Use double square brackets and a plus sign to create links with topic title: Write [[+TopicName]] or [[+Web.TopicName]] to show the topic title instead of the topic name. The topic title is defined by the form field named "Title", the topic preferences setting named TITLE, or the topic name if neither exists.
An alternative syntax is [[TopicName][$topictitle]] or [[Web.TopicName][$topictitle]].

Prevent a Link:
Prevent a WikiWord from being linked by prepending it with an exclamation point.

!SunOS

SunOS

Disable Links:
You can disable automatic linking of WikiWords by surrounding text with <noautolink> and </noautolink> tags.
It is possible to turn off all auto-linking with a NOAUTOLINK preferences setting.

<noautolink>
RedHat & SuSE
</noautolink>

RedHat & SuSE

Mailto Links:
E-mail addresses are linked automatically. To create e-mail links that have more descriptive link text, specify subject lines or message bodies, or omit the e-mail address, you can write [[mailto:user@domain][descriptive text]].

Verbatim Text:
Surround code excerpts and other formatted text with <verbatim> and </verbatim> tags.
The verbatim tag disables HTML code. Use <pre> and </pre> tags instead if you want the HTML code within the tags to be interpreted.
Preferences variables (* Set NAME = value) are set within verbatim tags.

Literal Text:
TWiki generates HTML code from TWiki shorthand.
Experts surround anything that must be output literally in the HTML code, without the application of
TWiki shorthand rules, with <literal>..</literal> tags.
Any HTML within literal tags must be well formed i.e. all tags must be properly closed before the end of the literal block.
TWiki Variables are expanded within literal blocks.

<literal>
| Not | A | Table |
<literal>

| Not | A | Table |

Protected Text:Experts protect text from mangling by WYSIWYG editors using
<sticky>..</sticky> tags. Sticky tags don't have any effect on normal
topic display; they are only relevant when content has to be
protected from a WYSIWYG editor (usually because it isn't well-formed HTML, or because it
is HTML that WYSIWYG would normally filter out or modify). Protected
content appears as plain text in the WYSIWYG editor.

<sticky>
<div>
This div is required
</div>
</sticky>

This div is required

Using HTML, CSS and JavaScript

You can use most HTML tags in TWiki topics without a problem. This is useful where you want to add some content that is formatted in a way that is not supported using TWiki shorthand, for example, you can write <strike>deleted text</strike> to get deleted text.

There are a few usability and technical considerations to keep in mind:

On collaboration pages, it's better not to use HTML, but to use TWiki shorthand instead - this keeps the text uncluttered and easy to edit using the plaintext editor.

Use <literal>..</literal> tags around blocks of HTML to avoid accidental interpretation of TWiki shorthand within the HTML.

Script tags may be filtered out, at the discretion of your TWiki administrator.

Recommendations when pasting HTML from other sources (using the plain-text editor):

Copy only text between <body> and </body> tags.

Remove all empty lines. TWiki inserts <p /> paragraph tags on empty lines, which causes problems if done between HTML tags that do not allow paragraph tags, like for example between table tags.

Remove leading spaces. TWiki might interpret some text as lists.

Do not span a tag over more than one line. TWiki requires that the opening and closing angle brackets - <...> - of a HTML tag are on the same line, or the tag will be broken.

In your HTML editing program, save without hard line breaks on text wrap.

When using a WYSIWYG editor, you can just copy-paste directly into the editor, and the content will be converted to TWiki shorthand automatically when you save.

It is also possible to add Cascading Style Sheets (CSS) and JavaScript code to TWiki pages, which can be used to make TWiki application more interactive. To prevent TWiki from interpreting some text as markup, it can be enclosed in HTML-escaped <pre>-tags.

External Links

Write [[URL][label]] to get an external link with a descriptive text for the link, such as [[http://google.com/][Google home page]] to get Google home page.

E-mail addresses like name@domain.com are linked automatically.

TWiki Variables

TWiki Variables are names enclosed in percent signs that are that are expanded to some other text when the topic is displayed. For example, %TOPIC% is expanded to TWikiVariablesQuickStart. Some variables can take arguments in curly braces - for example, %INCLUDE{"OtherTopic" arg="value"}%.

Many TWiki variables are built-in, and others are predefined for your convenience. TWikiVariables describes how you can also define your own TWiki Variables at the entire site, individual web, or individual topic level. Variables are fully expanded before any of the TWiki text formatting rules are applied.

Commonly used variables:

%TOC% : Automatically generates a table of contents based on headings in a topic - see the top of this page for an example.

%WEB% : The current web, is TWiki.

%TOPIC% : The current topic name, is TWikiVariablesQuickStart.

%ATTACHURL% : The attachment URL of the current topic. Example usage: If you attach a file to a topic you can refer to it as %ATTACHURL%/image.gif to show the URL of the file or the image in your text.

%INCLUDE{"SomeTopic"}% : Server side include, includes another topic. The current web is the default web. Example: %INCLUDE{"TWiki.SiteMap"}%

%SEARCH{"sushi"}% : Inline search showing the search result embedded in a topic. FormattedSearch gives you control over formatting, used to create web-based applications.

Documentation Graphics: There are many graphics available to use in your topics. Use %ICON{"help"}%, %ICON{"tip"}%, and %ICON{"warning"}% to get: , , and , respectively.

Common Editing Errors

TWiki formatting rules are fairly simple to use and quick to type. However, there are some things to watch out for, taken from the TextFormattingFAQ:

Q: Text enclosed in angle brackets like <filename> is not displayed. How can I show it as it is?

A: The '<' and '>' characters have a special meaning in HTML, they define HTML tags. You need to escape them, so write '&lt;' instead of '<', and '&gt;' instead of '>'. Example: Type 'prog &lt;filename&gt;' to get 'prog <filename>'.

Using Variables

type %CALCULATE{ "$UPPER(Text)" }% to get TEXT (a variable defined by a plugin)

Note:

To leave a variable unexpanded, precede it with an exclamation point, e.g. type !%TOPIC% to get %TOPIC%

Variables are expanded relative to the topic they are used in, not the topic they are defined in

Type %ALLVARIABLES% to get a full listing of all variables defined for a particular topic

Variable Names

Variable names must start with a letter, optionally followed by letters, numbers and underscore '_' characters. Both upper-case and lower-case characters can be used, %MYVAR%, %MyVar%, %My2ndVar%, and %My_Var% are valid names. Variables are case sensitive, e.g. %MyVAR% and %MYVAR% are not the same.

By convention all settings, predefined variables and variables handled by extensions are always UPPER-CASE.

Preferences Variables

Unlike predefined variables, preferences variables can be defined by the user in various places.

If EXTRAPREFERENCES is defined at this point, it's regarded as having comma separated list of topics. Those topics are read in the listed order as if they were WebPreferences

topic level in topics in webs

session variables (if sessions are enabled)

user level preferences are set at this point if $TWiki::cfg{DemoteUserPreferences} is true as mentioned at the step 4

Settings at higher-numbered levels override settings of the same variable at lower numbered levels, unless the variable was included in the setting of FINALPREFERENCES at a lower-numbered level, in which case it is locked at the value it has at that level.

If you are setting a variable and using it in the same topic, note that TWiki reads all the variable settings from the saved version of the topic before it displays anything. This means you can use a variable anywhere in the topic, even if you set it somewhere inconspicuous near the end. But beware: it also means that if you change the setting of a variable you are using in the same topic, preview will show the wrong thing, and you must save the topic to see it correctly.

The syntax for setting variables is the same anywhere in TWiki (on its own TWiki bullet line, including nested bullets): [multiple of 3 spaces] * [space] Set [space] VARIABLENAME [space] = [space] value

Examples:

* Set VARIABLENAME1 = value
* Set VARIABLENAME2 = value

Spaces between the = sign and the value will be ignored. You can split a value over several lines by indenting following lines with spaces - as long as you don't try to use * as the first character on the following line.

Example:

* Set VARIABLENAME = value starts here
and continues here

Whatever you include in your variable will be expanded on display, exactly as if it had been entered directly.

Example: Create a custom logo variable

To place a logo anywhere in a web by typing %MYLOGO%, define the Variable on the web's WebPreferences topic, and upload a logo file, ex: mylogo.gif. You can upload by attaching the file to WebPreferences, or, to avoid clutter, to any other topic in the same web, e.g. LogoTopic. Sample variable setting in WebPreferences:

* Set MYLOGO = %PUBURL%/%WEB%/LogoTopic/mylogo.gif

You can also set preferences variables on a topic by clicking the link Edit topic preference settings under More topic actions. Use the same * Set VARIABLENAME = value syntax. Preferences set in this manner are not visible in the topic text, but take effect nevertheless.

Controlling User Level Preferences Override

By default, user level variables are set at the step 4 as stated in the previous section.
That means a user can finalise some preferences variables so that web level or topic level setting cannot override it.
This may result in a situation the web or page owner doesn't expect.
$TWiki::cfg{DemoteUserPreferences} has been introduced to avoid it.
If it's set to true, user level variables are set at the last step instead of the step 4.

But this is not enough.
To guarantee a certain result, you need to finalise critical preferences variables set at the web or topic level, which is cumbersome.
So preferences variables DENYUSERPREFEENCES and ALLOWUSERPREFEENCES have been introduced.

DENYUSERPREFEENCES and ALLOWUSERPREFEENCES may have comma separated list of variable names

If a preferences variable is listed in DENYUSERPREFEENCES, the variable cannot be overridden at the user level. There is a special value "all", which means no preferences variables can be overridden at the user level

If ALLOWUSERPREFEENCES is set and not empty, only the listed preferences variables can be overridden. There is a special value "all", which means any preferences variable can be overridden at the user level. But actually, "all" is not necessary since a blank value or not setting ALLOWUSERPREFEENCES has the same effect

DENYUSERPREFEENCES takes precedence over ALLOWUSERPREFEENCES. If a variable is listed on both, it cannot be overridden. If DENYUSERPREFEENCES is "all", the value of ALLOWUSERPREFEENCES doesn't matter.

For example, if you don't allow overriding at the user level at all:

* Set DENYUSERPREFERENCES = all

If you allow INYMCEPLUGIN_DISABLE and SKIN to be set at the user level:

* Set ALLOWUSERPREFERENCES = TINYMCEPLUGIN_DISABLE, SKIN

If you allow user preferences to set anything other than TINYMCEPLUGIN_DISABLE or SKIN:

* Set DENYUSERPREFERENCES = TINYMCEPLUGIN_DISABLE, SKIN

Please note DENYUSERPREFEENCES and ALLOWUSERPREFEENCES affect user preferences regardless of $TWiki::cfg{DemoteUserPreferences}.
You can set those variables at the site level while $TWiki::cfg{DemoteUserPreferences} setting to false.
If you do so, you should finalise DENYUSERPREFEENCES and ALLOWUSERPREFEENCES.
Otherwise, they might be overridden by user preferences.

You will get the most benefit of DENYUSERPREFEENCES and ALLOWUSERPREFEENCES by setting $TWiki::cfg{DemoteUserPreferences} to true.
That way, each web can specify how much user level preferences overriding is allowed.

Parameterized Variables (Macros)

It is possible to pass parameters to TWiki variables. This is called a macro in a programming language.

To define a parameterized variable, set a variable that contains other variables, such as:

A special %DEFAULT% variable denotes the default (nameless) parameter of the calling variable. Variables optionally may list a default="..." parameter that gets used in case the calling variable does not specify that parameter.

To use a parameterized variable (or call a macro), add parameters within the curly brackets, such as:

Example

The default can be defined with a default parameter (%DISH{default="steak"}%), or as a preferences setting (Set DRINK = ...).

Use Variables:

%FAVORITE{ DISH="Sushi" DRINK="Sake" }%

Returns:
%FAVORITE{ DISH="Sushi" DRINK="Sake" }%

%FAVORITE{}%

Returns:
%FAVORITE{}%

%FAVORITE{ "preferred" }%

Returns:
%FAVORITE{ "preferred" }%

Access Control Variables

These are special types of preferences variables to control access to content. TWikiAccessControl explains these security settings in detail.

Local values for variables

Certain topics (a users home topic, web site and default preferences topics) have a problem; variables defined in those topics can have two meanings. For example, consider a user topic. A user may want to use a double-height edit box when they are editing their home topic - but only when editing their home topic. The rest of the time, they want to have a normal edit box. This separation is achieved using Local in place of Set in the variable definition. For example, if the user sets the following in their home topic:

* Set EDITBOXHEIGHT = 10
* Local EDITBOXHEIGHT = 20

Then when they are editing any other topic, they will get a 10 high edit box. However when they are editing their home topic, they will get a 20 high edit box. Local can be used wherever a preference needs to take a different value depending on where the current operation is being performed.

Use this powerful feature with great care! %ALLVARIABLES% can be used to get a listing of the values of all variables in their evaluation order, so you can see variable scope if you get confused.

Predefined Variables

Most predefined variables return values that were either set in the configuration when TWiki was installed, or taken from server info (such as current username, or date and time). Some, like %SEARCH%, are powerful and general tools.

This has long been the case but may not be desirable since even something as fundamental as %IF{...}%, %SCRIPT{...}%, and %INCLUDE{...}% can be overridden

So TWiki-6.0.1 has introduced a way to protect predefined variables from being overridden by preferences variables

The preferences variable OVERRIDABLEPREDEFINEDVARIABLES having a comma separated list of predefined variables specifies which predefined variables are overridable

By default, it's set to "all" (set at TWiki.TWikiPreferences), which means any predefined variable can be overridden, which is for compatibility with prior releases. You can set it to a different value in Main.TWikiPreferences and you may finalise it

If it's set as below, all predefined variables are protected

* Set OVERRIDABLEPREDEFINEDVARIABLES =

If it's set as below, DATE and LANGUAGE predefined variables can be overridden but all the other predefined variables cannot

* Set OVERRIDABLEPREDEFINEDVARIABLES = DATE, LANGUAGE

Extensions may extend the set of predefined variables (see individual extension topics for details)

Take the time to thoroughly read through ALL preference variables. If you actively configure your site, review variables periodically. They cover a wide range of functions, and it can be easy to miss the one perfect variable for something you have in mind. For example, see %INCLUDINGTOPIC%, %INCLUDE%, and the mighty %SEARCH%.

Documenting TWiki Variables

This section is for people documenting TWiki variables of the TWiki core and TWiki extensions.

Each variable is documented in a topic named Var<name> in the TWiki web. For example, a %LIGHTSABER% variable has a documentation topic called VarLIGHTSABER. The topic is expected to have a specific format so that reports in this TWikiVariables topic, in TWikiVariablesSearch and in category topics work as expected.

Basic structure of a variable documentation topic:

Parent set to TWikiVariables

An anchor named the same like the topic, such as #VarLIGHTSABER

A ---+++ (level 3) heading with variable name, --, short description

A bullet with description of the variable (optional)

A Syntax: bullet with example syntax

A Parameters: bullet with a table explaining the parameters (optional)

TWiki Formatted Search

Inline search feature allows flexible formatting of search result

The default output format of a %SEARCH{...}% is a table consisting of topic names and topic summaries. Use the format="..." parameter to customize the search result. The format parameter typically defines a bullet or a table row containing variables, such as %SEARCH{ "food" format="| $topic | $summary |" }%. See %SEARCH{...}% for other search parameters, such as separator="".

Syntax

Three parameters can be used to customize a search result:

1. header="..." parameter

Use the header parameter to specify the header of a search result. It should correspond to the format of the format parameter. This parameter is optional. Example: header="| *Topic:* | *Summary:* |"

Topic title, in order of sequence defined by: Form field named "Title", topic preference setting named TITLE, topic name

$parent

Name of parent topic; empty if not set

$parent(20)

Name of parent topic, same hyphenation/shortening like $topic()

$text

Formatted topic text. In case of a multiple="on" search, it is the line found for each search hit.

$text(encode:type)

Same as above, but encoded in the specified type. Possible types are the same as in ENCODE. Though ENCODE can take the extra parameter, $text(encode:type) cannot. Example: $text(encode:html)

$locked

LOCKED flag (if any)

$date

Time stamp of last topic update, e.g. 2019-05-25 - 14:10

$isodate

Time stamp of last topic update, e.g. 2019-05-25T14:10Z

$rev

Number of last topic revision, e.g. 4

$username

Login name of last topic update, e.g. jsmith

$wikiname

Wiki user name of last topic update, e.g. JohnSmith

$wikiusername

Wiki user name of last topic update, like Main.JohnSmith

$createdate

Time stamp of topic revision 1

$createusername

Login name of topic revision 1, e.g. jsmith

$createwikiname

Wiki user name of topic revision 1, e.g. JohnSmith

$createwikiusername

Wiki user name of topic revision 1, e.g. Main.JohnSmith

$summary

Topic summary, just the plain text, all TWiki variables, formatting and line breaks removed; up to 162 characters

$summary(50)

Topic summary, up to 50 characters shown

$summary(showvarnames)

Topic summary, with %ALLTWIKI{...}% variables shown as ALLTWIKI{...}

$summary(expandvar)

Topic summary, with %ALLTWIKI{...}% variables expanded

$summary(noheader)

Topic summary, with leading ---+ headers removedNote: The tokens can be combined, for example $summary(100, showvarnames, noheader)

$changes

Summary of changes between latest rev and previous rev

$changes(n)

Summary of changes between latest rev and rev n

$formname

The name of the form attached to the topic; empty if none

$formfield(name)

The field value of a form field; for example, $formfield(TopicClassification) would get expanded to PublicFAQ. This applies only to topics that have a TWikiForm

$formfield(name, encode:type)

Form field value, encoded in the specified type. Possible types are the same as in ENCODE: quote, moderate, safe, entity, html, url and csv. The encode:type parameter can be combined with other parameters described below, but it needs to be the last parameter. Example: $formfield(Description, 20, encode:html)

$formfield(name, render:display)

Form field value, rendered for display. For example, a form field of type color will render as a colored box. If not specified, the raw value is returned, such as a color value #336699. The render:display parameter can be combined with other parameters, but must be used after the parameters described below.

$formfield(name, 10)

Form field value, "- " hyphenated each 10 characters

$formfield(name, 20, -<br />)

Form field value, hyphenated each 20 characters with separator "-<br />"

$formfield(name, 30, ...)

Form field value, shortened to 30 characters with "..." indication

$query(query-syntax)

Access topic meta data using SQL-like QuerySearch syntax. Example: • $query(attachments.arraysize) returns the number of files attached to the current topic • $query(attachments[name~'*.gif'].size) returns an array with size of all .gif attachments, such as 848, 1425, 923• $query(parent.name) is equivalent to $parent

$query(query-syntax, quote:")

Strings in QuerySearch result are quoted with the specified quote. Useful to triple-quote strings for use in SpreadSheetPlugin's CALCULATE, such as $query(attachments.comment, quote:''') which returns a list of triple-quoted attachment comment strings -- the spreadhseet funcions will work properly even if comment strings contain commas and parenthesis

$query(query-syntax, encode:type)

QuerySearch result is encoded in the specified type. This is in parallel to $formfield(name, encode:type) mentioned above

$pattern(reg-exp)

A regular expression pattern to extract some text from a topic (does not search meta data; use $formfield instead). In case of a multiple="on" search, the pattern is applied to the line found in each search hit.• Specify a RegularExpression that covers the whole text (topic or line), which typically starts with .*, and must end in .*• Put text you want to keep in parenthesis, like $pattern(.*?(from here.*?to here).*)• Example: $pattern(.*?\*.*?Email\:\s*([^\n\r]+).*) extracts the e-mail address from a bullet of format * Email: ...• This example has non-greedy .*? patterns to scan for the first occurance of the Email bullet; use greedy .* patterns to scan for the last occurance • Limitation: Do not use .*) inside the pattern, e.g. $pattern(.*foo(.*)bar.*) does not work, but $pattern(.*foo(.*?)bar.*) does • Note: Make sure that the integrity of a web page is not compromised; for example, if you include an HTML table make sure to include everything including the table end tag

$pattern(reg-exp, encode:type)

A text extracted by reg-exp is encoded in the specified type. This is in parallel to $formfield(name, encode:type) mentioned above

$count(reg-exp)

Count of number of times a regular expression pattern appears in the text of a topic (does not search meta data). Follows guidelines for use and limitations outlined above under $pattern(reg-exp). Example: $count(.*?(---[+][+][+][+]) .*) counts the number of <H4> headers in a page.

$ntopics

Number of topics found in current web. This is the current topic count, not the total number of topics

$tntopics

The total number of topics matched

$nwebs

The number of webs searched

$nhits

Number of hits if multiple="on". Cumulative across all topics in current web. Identical to $ntopics unless multiple="on"

$n or $n()

New line. Use $n() if followed by alphanumeric character, e.g. write Foo$n()Bar instead of Foo$nBar

$nop or $nop()

Is a "no operation". This variable gets removed; useful for nested search

$quot or \"

Double quote (")

$aquot

Apostrophe quote (')

$percnt

Percent sign (%)

$dollar

Dollar sign ($)

$lt

Less than sign (<)

$gt

Greater than sign (>)

3. footer="..." parameter

Use the footer parameter to specify the footer of a search result. It should correspond to the format of the format parameter. This parameter is optional. Example: footer="| *Topic* | *Summary* |"

Results pagination

Evaluation order of variables

By default, variables embedded in the format parameter of %SEARCH{}% are evaluated once before the search. This is OK for variables that do not change, such as %SCRIPTURLPATH%. Variables that should be evaluated once per search hit must be escaped. For example, to escape a conditional:
%IF{ "..." then="..." else="..." }% write this:
format="$percntIF{ \"...\" then=\"...\" else=\"...\" }$percnt"

Everybody can edit any page, this is scary. Doesn't that lead to chaos? Answer...

Nested Search

Search can be nested. For example, search for some topics, then form a new search for each topic found in the first search. The idea is to build the nested search string using a formatted search in the first search.

Here is an example. Let's search for all topics that contain the word "culture" (first search), and let's find out where each topic found is linked from (second search).

Now let's nest the two. We need to escape the second search, e.g. the first search will build a valid second search string. Note that we escape the second search so that it does not get evaluated prematurely by the first search:

Note: Nested search can be slow, especially if you nest more then 3 times. Nesting is limited to 16 levels. For each new nesting level you need to "escape the escapes", e.g. write $dollarpercntSEARCH{ for level three, $dollardollarpercntSEARCH{ for level four, etc.

Search with conditional output

A regular expression search is flexible, but there are limitations. For example, you cannot show all topics that are up to exactly one week old, or create a report that shows all records with invalid form fields or fields within a certain range, etc. You need some additional logic to format output based on a condition:

Specify a search which returns more hits then you need

For each search hit apply a spreadsheet formula to determine if the hit is needed

File Attachments

Each topic can have one or more files of any type attached to it by using the Attach screen to upload (or download) files from your local PC. Attachments are stored under revision control: uploads are automatically backed up; all previous versions of a modified file can be retrieved.

What Are Attachments Good For?

File Attachments can be used to archive data, or to create powerful customized groupware solutions, like file sharing and document management systems, and quick Web page authoring.

Document Management System

You can use Attachments to store and retrieve documents (in any format, with associated graphics, and other media files); attach documents to specific TWiki topics; collaborate on documents with full revision control; distribute documents on a need-to-know basis using web and topic-level access control; create a central reference library that's easy to share with an user group spread around the world.

File Sharing

For file sharing, FileAttachments on a series of topics can be used to quickly create a well-documented, categorized digital download center for all types of files: documents; graphics and other media; drivers and patches; applications; anything you can safely upload!

Web Authoring

Through your Web browser, you can easily upload graphics (or sound files, or anything else you want to link to on a page) and place them on a single page, or use them across a web, or site-wide.

NOTE: You can also add graphics - any files - directly, typically by FTP upload. This requires FTP access, and may be more convenient if you have a large number of files to load. FTP-ed files can't be managed using browser-based Attachment controls. You can use your browser to create TWikiVariables shortcuts, like this %H% = .

Uploading Files

Click on the Attach link at the bottom of the page. The Attach screen lets you browse for a file, add a comment, and upload it. The uploaded file will show up in the File Attachment table.

NOTE: The topic must already exist. It is a two step process if you want to attach a file to a non-existing topic; first create the topic, then add the file attachment.

TWiki is capable of getting up to 10 files per upload session. Whether you can actually upload multiple files in one go from web user interface depends on skin.

Any type of file can be uploaded. Some files that might pose a security risk are renamed, ex: *.php files are renamed to *.php.txt so that no one can place code that would be read in a .php file.

The previous upload path is retained for convenience. In case you make some changes to the local file and want to upload it, again you can copy the previous upload path into the Local file field.

TWiki can limit the file size. This is defined by the %ATTACHFILESIZELIMIT% variable of the TWikiPreferences, currently set at 10000 KB.

It's not recommended to upload files greater than a few hundred K through a browser. Large files can be extremely slow-loading, and often time out. Use an FTP site for large file uploads.

Automatic attachments:

When enabled, all files in a topic's attachment directory are shown as attachments to the topic - even if they were directly copied to the directory and never attached by using an 'Attach' link. This is a convenient way to quickly "attach" files to a topic without uploading them one by one; although at the cost of losing audit trail and version control.

To enable this feature, set the {AutoAttachPubFiles} configuration option.

NOTE: The automatic attachment feature can only be used by an administrator who has access to the server's file system.

Properties

The first table is a list of all attachments, including their attributes. An h means the attachment is hidden, it isn't listed when viewing a topic.

The second table is all the versions of the attachment. Click on View to see that version. If it's the most recent version, you'll be taken to an URL that always displays the latest version, which is usually what you want.

To change the comment on an attachment, enter a new comment and then click Change properties. Note that the comment listed against the specific version will not change, however the comment displayed when viewing the topic does change.

To hide/unhide an attachment, enable the Hide file checkbox, then click Change properties.

File names

File systems tend to be liberal about characters used in file names.
But there are characters which may cause problems if they are used in a file name of a TWiki attachment.
As such, when TWiki saves an uploaded file attachment, it's saved as a file whose name is cleansed to avoid problems.
Specifically:

Space are replaed by underscores

The .txt extension is appended to some filenames for security reasons

Characters such as ~, $, @, % are removed

Non-ASCII characters are deleted

When an attachment file name is altered by the process above, you are notified

Known Issues

Unlike topics, attachments are not locked during editing. As a workaround, you can change the comment to indicate an attachment file is being worked on - the comment on the specific version isn't lost, it's there when you list all versions of the attachment.

Attachments are not secured by default. Anyone can read them if they know the name of the web, topic and attachment. Ask your TWiki administrator if TWiki is configured to secure attachments.

TWiki Forms - Foundation of TWiki Applications

Add structure to content with forms attached to twiki topics. TWiki forms (with form fields) and formatted search are the base for building database applications.

Overview

By adding form-based input to free form content, you can structure topics with unlimited, easily searchable categories. A form is enabled for a web and can be added to a topic. The form data is shown in tabular format when the topic is viewed, and can be changed in edit mode using edit fields, radio buttons, check boxes and list boxes. Many different form types can be defined in a web, though a topic can only have one form attached to it at a time.

When used in the value field of the form definition, this will find all topic names in the Main web which end in "Office" and use them as the legal field values.

Adding a Form to a Topic

To add a Form, follow the "More topic actions" link at the bottom of a topic, select "Add or Replace Form".

Select a Form Template topic. These are topics with names ending in Form that contain a Form Template table.

A Form is typically added to a template topic, either to the WebTopicEditTemplate topic in a web, or a new topic that serves as an application specific template topic.

Modify the template topic to set the initial Form values.

Additionally a new topic can be given a Form using the formtemplate parameter in the (edit or save) URL. Initial values can then be provided in the URLs or as form values:

other than checkboxes: name, ex: ?BugPriority=1

checkbox: namevalue=1, ex: ?ColorRed=1. Boxes with a tick must be specified.

Example: This will add a textfield for the new topic name and a "Create"-Button to your topic. When the button is pressed, the topic editor will open with the form "MyForm" already attached to the new topic.

Note: You can create a topic in one step, without going through the edit screen. To do that, specify the save script instead of the edit script in the form action. When you specify the save script you have to use the "post" method. Example:

Note: Initial values will not be set in the form of a new topic if you only use the formtemplate parameter.

Changing a Form

To change a Form, follow the "More topic actions" link at the bottom of a topic, select "Add or Replace Form", and select a new Form.

You can change a form definition, and TWiki will try to make sure you don't lose any data from the topics that use that form.

If you add a new field to the form, then it will appear next time you edit a topic that uses the form.

If you delete a field from the form, or change a field name, then the data will not be visible when you edit the topic (the changed form definition will be used). If you save the topic, the old data will be lost (though thanks to revision control, you can always see it in older versions of the topic)

If two people edit the same topic containing a form at exactly the same time, and both change fields in the form, TWiki will try to merge the changes so that no data is lost.

Structure of a Form Template

A Form Template specifies the fields in a form. A Form Template is simply a page containing a TWiki table, where each row of the table specifies one form field.

Each row of the table defines one element of an input field:

Name

Type

Size

Values

Tooltip message

Attributes

The Name, Type and Size columns are required. Other columns are optional. The form template must have a header row, e.g. at least | *Name* | *Type* | *Size* | is required. Columns:

Name column:Name is the name of the form field.

Type, Size, Value columns:Type, Size and Value describe the type, size and initial value of this form field. Type text, checkbox, select and more are described in the Form Field Types section below.

Tooltip message column: The Tooltip message will be displayed when the cursor is hovered over the field in edit view.

Attributes column:Attributes may contain additional key="value" form field attributes, separated by space.

A hidden="1" attribute indicates that this field is hidden, e.g. not shown in view mode. However, the field is available for editing and storing information. The deprecated H attribute has the same function, it is still supported but might be removed in a future TWiki release. Tip: The TWiki form header is suppressed in view mode if all fields of the form are hidden. For better usability it is good to hide the whole form if the display and interaction of all form fields is done externally. For example, the display and modification of form field values can be done in a header topic that is included in each page.

An mandatory="1" attribute indicates that this field is mandatory. The topic cannot be saved unless a value is provided for this field. If the field is found empty during topic save, an error is raised and the user is redirected to an oops page. Mandatory fields are indicated by an asterisks next to the field name. The deprecated M attribute has the same function, it is still supported but might be removed in a future TWiki release.

Additional form field type specific attributes can be used, such as onfocus="..." and spellcheck="..".

For example, a simple form just supporting entry of a name and a date would look as follows:

A very few field names are reserved. If you try to use one of these names, TWiki will automatically append an underscore to the name when the form is used.

You can space out the title of the field, and it will still find the topic e.g. Aeroplane Manufacturers is equivalent to AeroplaneManufacturers.

If a label field has no name, it will not be shown when the form is viewed, only when it is edited.

Field names can in theory include any text, but you should stick to alphanumeric characters. If you want to use a non-wikiname for a select, checkbox or radio field, and want to get the values from another topic, you can use [[...]] links. This notation can also be used when referencing another topic to obtain field values, but a name other than the topic name is required as the name of the field.

Leading and trailing spaces are not significant.

Field Value Notes:

The field value will be used to initialize a field when a form is created, unless specific values are given by the topic template or query parameters. The first item in the list for a select or radio type is the default item. For label, text, and textarea fields the value may also contain commas. checkbox fields cannot be initialized through the form template.

Leading and trailing spaces are not significant.

Field values can also be generated through a FormattedSearch, which must yield a suitable table as the result.

Variables in the initial values of a form definition get expanded when the form definition is loaded.

If you want to use a | character in the initial values field, you have to precede it with a backslash, thus: \|.

You can use <nop> to prevent TWiki variables from being expanded.

The FormatTokens can be used to prevent expansion of other characters.

General Notes:

The topic definition is not read when a topic is viewed.

Form definition topics can be protected in the usual manner, using TWikiAccessControl, to limit who can change the form template and/or individual value lists. Note that view access is required to be able to edit topics that use the form definition, though view access to the form definition is not required to view a topic where the form has been used.

Form Field Types

Each table row of a form template defines one element of an input field:

Name

Type

Size

Values

Tooltip message

Attributes

Many types of form fields are available. Some are TWiki internal, some are provided by extensions. Find more TWiki form field extensions on TWiki.org. The Size, Value and Attributes depend on the Type used. Form field types:

Text field & select combination box, rendered as a text input field and a button to open up a selector box

Text box width in number of characters

Comma-space-separated list of options of the select box - can be a dynamic SEARCH

select

Select box, rendered as a picklist or a multi-row selector box depending on the size value

• 1: Show a picklist • Number > 1: Multi-row selector box of specified size • Range e.g. 3..10: Multi-row selector box with variable size - the box will never be smaller than 3 items, never larger than 10, and will be 5 high if there are only 5 options

Comma-space-separated list of options of the select box - can be a dynamic SEARCH

Like select, allowing definition of values that are different to the displayed text. An option is defined as value: title, where the value is the value passed on form submit, and title is the option text shown to the user. For example:| Field 9 | select+values | 3 | One, 2: Two, III: Three | Various values formats | shows but the values of options Two and Three are 2 and III, respectively. A legacy title=value syntax is supported as well, for example: One, Two=2, Three=III.

select+multi+values

Combination of select+multi and select+values

color

Single-line text box and a color picker to pick a color. The color can also be typed into the text box, such as #123456. An attribute of type="popup" shows a button that, when clicked, opens a color picker popup.

Text box width in number of characters

Initial (default) color

date

Text input field and a button next to it to pick a date from a pop-up calendar. The date can also be typed into the text box.

Values in Other Topics

As described above, you can also retrieve possible values for select, checkbox or radio types from other topics. For example, if you have a rows defined like this:

| *Name* | *Type* | *Size* |
| AeroplaneManufacturers | select | |

the TWiki will look for the topic AeroplaneManufacturers to get the possible values for the select.

The AeroplaneManufacturers topic must contain a table, where each row of the table describes a possible value. The table only requires one column, Name. Other columns may be present, but are ignored.

For example:

| *Name* |
| Routan |
| Focke-Wulf |
| De Havilland |

Notes:

The Values column must be empty in the referring form definition.

Using a form template on a different web

You can use a form template on a different web by specifying a form template in the WEB.TOPIC format.

In addition, you can put a comma separated list of webs in the TWIKIFORMPATH variable.
It's referred to only when a form template is spcified without a web (TOPIC instead of WEB.TOPIC).
The webs in TWIKIFORMPATH are examined in the listed order until the specified template is found.

TWIKIFORMPATH may contain TWiki variables. For example:

* Set TWIKIFORMPATH = %APPLICATION_WEB%, %WEB%

If TWIKIFORMPATH is defined, the current web is examined only if all the webs listed in it don't have the form template.

Extending the range of form data types

You can extend the range of data types accepted by forms by using TWikiPlugins. All such extended data types are single-valued (can only have one value) with the following exceptions:

any type name starting with checkbox

any type name with +multi anywhere in the name

Types with names like this can both take multiple values.

Hints and Tips

Editing Just Form Data, Without Topic Text

In some cases you want to change only the form data. You have the option of hiding the topic text with two methods:

To display only the form whenever you edit a topic, set the preference variable EDITACTION to value form (see details).

To change the edit action in a URL, add a action=form parameter to the edit URL string, such as%SCRIPTURL{edit}%/%BASEWEB%/%BASETOPIC%?t=%SERVERTIME{$epoch}%;action=form (see details).

Build an HTML Form to Create New Form-based Topics

New topics with a form are created by simple HTML forms asking for a topic name. For example, you can have a SubmitExpenseReport topic where you can create new expense reports, a SubmitVacationRequest topic, and so on. These can specify the required template topic with its associated form. Template topics has more.

A Form Template specifies the fields in a form. A Form Template is simply a page containing a TWiki table, where each row of the table specifies one form field.

Update Specific Form Fields

All the form fields are shown and can be updated when editing a topic that has a form. It is possible to have more control over the layout of a form, or update just a subset of the form fields by using a custom HTML form. For example, in a bug tracker, each topic would include a header topic that shows a form with some fields to update specific form fields of the bug item. Use the EDITFORMFIELD variable to easily create this form in the header topic. Example:

Assuming the base topic has a BugForm with Priority and Status fields of type select, a LastUpdate field of type text, and some other fields. Above form shows a table with selectors for Priority and Status, and an Update button. On form submit, the Priority, Status and LastUpdate fields are updated in the base topic.

Searching forms this way is obviously pretty inefficient, but it's easy to do. If you want better performance, take a look at some of the structured wiki extensions that support higher performance searching e.g. TWiki:Plugins.DBCachePlugin.

Gotcha!

Some browsers may strip linefeeds from text fields when a topic is saved. If you need linefeeds in a field, make sure it is a textarea.

Master Templates

TWiki uses master templates when composing the output from all actions, like topic view, edit, and preview.
This allows you to change the look and feel of all pages by editing just a few template files.

Master templates are stored as text files with the extension .tmpl.
They are usually HTML with embedded template directives.
The directives are expanded when TWiki wants to generate a user interface screen.

How Template Directives Work

Directives are of the form %TMPL:<key>% and %TMPL:<key>{"attr"}%.

Directives:

%TMPL:INCLUDE{"file"}%: Includes a template file. The file is found as described below.

%TMPL:DEF{"block"}%: Define a block. All text between this and the next %TMPL:END% directive is removed and saved for later use with %TMPL:P.

%TMPL:END%: Ends a block definition.

%TMPL:P{"var"}%: Includes a previously defined block.

%{...}%: is a comment.

Two-pass processing lets you use a variable before or after declaring it.

Templates and TWikiSkins work transparently and interchangeably. For example, you can create a skin that overloads only the twiki.tmpl master template, like twiki.print.tmpl, that redefines the header and footer.

Use of template directives is optional: templates work without them.

NOTE: Template directives work only for templates: they do not get processed in normal topic text.

TMPL:P also supports simple parameters. For example, given the definition
%TMPL:DEF{"x"}% x%P%z%TMPL:END% then %TMPL:P{"x" P="y"}% will expand to xyz.

Note that parameters can simply be ignored; for example, %TMPL:P{"x"}% will expand to x%P%z.

Any alphanumeric characters can be used in parameter names.
You are highly recommended to use parameter names that cannot be confused with TWikiVariables.

Note that three parameter names, context, then and else are reserved.
They are used to support a limited form of "if" condition that you can use to select which of two templates to use, based on a context identifier:

When the "inactive" context is set, then this will expand the "link_inactive" template; otherwise it will expand the "link_active" template.
See IfStatements for details of supported context identifiers.

Finding Templates

The master templates shipped with a twiki release are stored in the twiki/templates directory.
As an example, twiki/templates/view.tmpl is the default template file for the twiki/bin/view script.

You can save templates in other directories as long as they are listed in the {TemplatePath} configuration setting.
The {TemplatePath} is defined in the Miscellaneous section of the configure page.

You can also save templates in user topics (IF there is no possible template match in the templates directory).
The {TemplatePath} configuration setting defines which topics will be accepted as templates.

Templates that are included with an explicit '.tmpl' extension are looked for only in the templates/ directory.
For instance %TMPL:INCLUDE{"example.tmpl"}% will only return templates/example.tmpl, regardless of {TemplatePath} and SKIN settings.

The out-of-the-box setting of {TemplatePath} supports the following search order to determine which template file or topic to use for a particular script or %TMPL:INCLUDE{"script"}% statement.
The skin path is set as described in TWikiSkins.

templates/web/script.skin.tmpl for each skin on the skin path

this usage is supported for compatibility only and is deprecated. Store web-specific templates in TWiki topics instead.

templates/script.skin.tmpl for each skin on the skin path

templates/web/script.tmpl

this usage is supported for compatibility only and is deprecated. Store web-specific templates in TWiki topics instead.

templates/script.tmpl

The TWiki topic aweb.atopic if the template name can be parsed into aweb.atopic

The TWiki topic web.SkinSkinScriptTemplate for each skin on the skin path

The TWiki topic web.ScriptTemplate

The TWiki topic %SYSTEMWEB%.SkinSkinScriptTemplate for each skin on the skin path

The TWiki topic %SYSTEMWEB%.ScriptTemplate

Legend:

script refers to the script name, e.g view, edit

Script refers to the same, but with the first character capitalized, e.g View

skin refers to a skin name, e.g dragon, pattern. All skins are checked at each stage, in the order they appear in the skin path.

Skin refers to the same, but with the first character capitalized, e.g Dragon

web refers to the current web

For example, the example template file will be searched for in the following places, when the current web is Thisweb and the skin path is print,pattern:

templates/Thisweb/example.print.tmpldeprecated; don't rely on it

templates/Thisweb/example.pattern.tmpldeprecated; don't rely on it

templates/example.print.tmpl

templates/example.pattern.tmpl

templates/Thisweb/example.tmpldeprecated; don't rely on it

templates/example.tmpl

Thisweb.PrintSkinExampleTemplate

Thisweb.PatternSkinExampleTemplate

Thisweb.ExampleTemplate

TWiki.PrintSkinExampleTemplate

TWiki.PatternSkinExampleTemplate

TWiki.ExampleTemplate

Template names are usually derived from the name of the currently executing script; however it is also possible to override these settings in the view and edit scripts, for example when a topic-specific template is required. Two preference variables can be used to override the templates used:

Tip: If you want to override existing templates, without having to worry that your changes will get overwritten by the next TWiki update, change the {TemplatePath} so that another directory, such as the %USERSWEB% appears at the front. You can then put your own templates into that directory or web and these will override the standard templates. (Note that such will increase the lookup time for templates by searching your directory first.)

TMPL:INCLUDE recursion for piecewise customization, or mixing in new features

If there is recursion in the TMPL:INCLUDE chain (eg twiki.classic.tmpl contains %TMPL:INCLUDE{"twiki"}%, the templating system will include the next twiki.SKIN in the skin path.
For example, to create a customization of pattern skin, where you only want to over-ride the breadcrumbs for the view script, you can create only a view.yourlocal.tmpl:

The default {TemplatePath} will not give you the desired result if you put these statements in the topic Thisweb.YourlocalSkinViewTemplate. The default {TemplatePath} will resolve the request to the template/view.pattern.tmpl, before it gets to the Thisweb.YourlocalSkinViewTemplate resolution. You can make it work by prefixing the {TemplatePath} with: $web.YourlocalSkin$nameTemplate.

Default master template

twiki.tmpl is the default master template. It defines the following sections.

User name of user who is instantiating the new tpoic, e.g. Main.TWikiGuest

2. Preventing variable expansion

In a template topic, embed text that you do not want expanded inside a %STARTSECTION{type="templateonly"}% ... %ENDSECTION{type="templateonly"}% section. For example, you might want to write this in the template topic:

%STARTSECTION{type="templateonly"}%
This template can only be changed by:
* Set ALLOWTOPICCHANGE = Main.TWikiAdminGroup
%ENDSECTION{type="templateonly"}%

This will restrict who can edit the template topic, but will be removed when a new topic based on that template topic is created.

%NOP% can be used to prevent expansion of TWiki variables that would otherwise be expanded during topic creation. For example, escape %SERVERTIME% with %SER%NOP%VERTIME%.

3. Causing variable expansion in a section

You can forcefully expand TWikiVariables by placing them inside a type="expandvariables" section in the template topic, such as:

4. Specifying variables to be expanded individually

You may want to mix variables to be expanded and variables not to be.
By prepending a variable name with EOTC__ (EOTC followed by two underscores; EOTC stands for Expand On Topic Creation), you can have the variable expanded.

This yields a series of %INCLUDE{...}%s, which are not expanded.
This is not achievable by an expandvariables section.

Specifying a Form

When you create a new topic based on a template, you often want the new topic to have a form attached to it. You can attach a form to the template topic, in which case it will be copied into the new topic.

Sometimes this isn't quite what you want, as it copies all the existing data from the template topic into the new topic. To avoid this and use the default values specified in the form definition instead, you can use the formtemplate CGI parameter to the edit script to specify the name of a form to attach.

See TWikiScripts for information about all the other parameters to edit.

Automatically Generated Topic Names

For TWiki applications it is useful to be able to automatically generate unique topic names, such as BugID0001, BugID0002, etc. You can add AUTOINC<n> to the topic name in the edit and save scripts, and it will be replaced with an auto-incremented number on topic save. <n> is a number starting from 0, and may include leading zeros. Leading zeros are used to zero-pad numbers so that auto-incremented topic names can sort properly. Deleted topics are not re-used to ensure uniqueness of topic names. That is, the auto-incremented number is always higher than the existing ones, even if there are gaps in the number sequence.

Characters after AUTOINC<n> are preserved, but are not taken into account when calculating the next increment. Use this to create topic names that have a unique identifier (serial number) and a descriptive text.

Note: You can create a topic in one step, without going through the edit screen. To do that, specify the save script instead of the edit script in the form action. When you specify the save script in an HTML form tag you have to use the "post" method. This is done automatically when using the EDITFORMFIELD variable. Example when using the HTML form tag:

TIP: You can use the %WIKIUSERNAME% and %DATE% variables in your topic templates to include the signature of the person creating a new topic. The variables are expanded into fixed text when a new topic is created. The standard signature is: -- %WIKIUSERNAME% - %DATE%

Using Absolute vs Relative URLs in Templates

When you use TWikiVariables such as %PUBURL% and %PUBURLPATH% in templates you should be aware that using %PUBURL% instead of %PUBURLPATH% puts absolute URLs in the produced HTML. This means that when a user saves a TWiki page in HTML and emails the file to someone outside a company firewall, the receiver has a severe problem viewing it. It is therefore recommended always to use the %PUBURLPATH% to refer to images, CSS, Javascript files etc so links become relative. This way browsers just give up right away and show a usable html file.

TWiki Skins

Overview

TWiki uses TWikiTemplates files as the basis of all the screens it uses to interact with users. Each screen has an associated template file that contains the basic layout of the screen. This is then filled in by the code to generate what you see in the browser.

TWiki ships with a default set of template files that give a very basic, CSS-themable, look-and-feel. TWiki also includes support for skins that can be selected to give different, more sophisticated, look and feel. A default TWiki installation will usually start up with the PatternSkin already selected. Skins may also be defined by third parties and loaded into a TWiki installation to give more options. To see how TWiki looks when no skin is selected, view the current page with a non-existing skin.

TWiki topic content is not affected by the choice of skin, however a skin can be defined to use a CSS (Cascading Style Sheet) which can provide a radically different appearance to the text layout.

Changing the default TWiki skin

TWiki ships with the TopMenuSkin activated by default. You can set a skin for the whole site, a single web, a single topic, or for each user individually. This is done by setting the SKIN preferences setting to the name of a skin. If the skin you select doesn't exist, then TWiki will pick up the default templates. For example, to make the SKIN setting work across all topics and webs, put it in TWikiPreferences.

Skins can cascade using a skin path explained below. One skin can be based on another one, and extensions can introduce additional screen elements. For example, the TagMePlugin adds tag elements to the TopMenuSkin, and the TopMenuSkin is based on the PatternSkin, resulting in this skin path:

* Set SKIN = tagme, topmenu, pattern

Defining Skins

You may want to define your own skin, for example to comply with corporate web guidelines, or because you have a aesthetic vision that you want to share. There are a couple of places you can start doing this.

The TWikiTemplates files used for skins are located in the twiki/templates directory and are named according to the skin: <scriptname>.<skin>.tmpl. Skin files may also be defined in TWiki topics - see TWikiTemplates for details.

To start creating a new skin, copy the default TWikiTemplates (like view.tmpl), or copy an existing skin to use as a base for your own skin. You should only need to copy the files you intend to customize, as TWiki can be configured to fall back to another skin if a template is not defined in your skin. Name the files as described above (for example view.myskin.tmpl).

Note: TWiki.org has no marketing budget, e.g. we rely on TWiki users to spread the word of TWiki. You can support the open source project by adding logos that point back to TWiki.org, and by mentioning TWiki in social media.

The standard TWiki skins show the logo in the %WEBCOPYRIGHT% variable.

The following template files are used for TWiki screens, and are referenced in the TWiki core code. If a skin doesn't define its own version of a template file, then TWiki will fall back to the next skin in the skin path, or finally, to the default version of the template file.

(Certain template files are expected to provide certain TMPL:DEFs - these are listed in sub-bullets)

addform - used to select a new form for a topic

attachagain - used when refreshing an existing attachment

attachnew - used when attaching a new file to a topic

attachtables - defines the format of attachments at the bottom of the standard topic view

oopslanguagechanged - used to confirm a new language when internationalisation is enabled

oopsleaseconflict - used to format lease Conflict messages

lease_active, lease_old

preview - used for previewing edited topics before saving

rdiff - used for viewing topic differences

registernotify - used by the user registration system

registernotifyadmin - used by the user registration system

rename - used when renaming a topic

renameconfirm - used when renaming a topic

renamedelete - used when renaming a topic

renameweb - used when renaming a web

renamewebconfirm - used when renaming a web

renamewebdelete - used when renaming a web

searchbookview - used to format inline search results in book view

searchformat - used to format inline search results

search - used by the search CGI script

settings

view - used by the view CGI script

viewprint - used to create the printable view

twiki.tmpl is a master template conventionally used by other templates, but not used directly by code.

Note: Make sure templates do not end with a newline. Any newline will expand to an empty <p /> in the generated html. It will produce invalid html, and may break the page layout.

Partial customization, or adding in new features to an existing skin

You can use recursion in the TMPL:INCLUDE chain (e.g. twiki.pattern.tmpl contains %TMPL:INCLUDE{"twiki"}%, the templating system will include the next twiki.SKIN in the skin path (which is explained below). For example, to create a customization of pattern skin, where you only want to remove the edit & WYSIWYG buttons from view page, you create only a view.yourlocal.tmpl:

The Jump Box and Navigation Box

The box also understands URLs, e.g. you can type http://www.google.com/ to jump to an external web site. The feature is handy if you build a skin that has a select box of frequently used links, like Intranet home, employee database, sales database and such. A little JavaScript gets into action on the onchange method of the select tag to fill the selected URL into the "Go" box field, then submits the form.

Here is an example form that has a select box and the Jump Box for illustration purposes. You need to have JavaScript enabled for this to work:

Bare bones header, for demo only

Navigate:

Jump:

Note: Redirect to a URL only works if it is enabled in configure (Miscellaneous, {AllowRedirectUrl}).

Using Cascading Style Sheets

CSS files are gererally attachments to the skin topic that are included in the the skin templates - in the case of PatternSkin in the template styles.pattern.tmpl.

Attachment Tables

Controlling the look and feel of attachment tables is a little bit more complex than for the rest of a skin. By default, the attachment table is a standard TWiki table, and the look is controlled in the same way as other tables. In a very few cases you may want to change the content of the table as well.

The format of standard attachment tables is defined through the use of special TWiki template macros which by default, are defined in the attachtables.tmpl template using the %TMPL:DEF macro syntax described in TWikiTemplates. These macros are:

Packaging and Publishing Skins

Browsing Installed Skins

Activating Skins

TWiki uses a skin search path, which lets you combine skins additively. The skin path is defined using a combination of TWikiVariables and URL parameters.

TWiki works by asking for a template for a particular function - for example, 'view'. The detail of how templates are searched for is described in TWikiTemplates, but in summary, the templates directory is searched for a file called view.skin.tmpl, where skin is the name of the skin e.g. pattern. If no template is found, then the fallback is to use view.tmpl. Each skin on the path is searched for in turn. For example, if you have set the skin path to local,pattern then view.local.tmpl will be searched for first, then view.pattern.tmpl and finally view.tmpl.

The basic skin is defined by a SKIN setting:

Set SKIN = catskin, bearskin

You can also add a parameter to the URL, such as ?skin=catskin,bearskin:

Setting SKIN (or the ?skin parameter in the URL) replaces the existing skin path setting, for the current page only. You can also extend the existing skin path as well, using covers.

Set COVER = ruskin

This pushes a different skin to the front of the skin search path (so for our example above, that final skin path will be ruskin, catskin, bearskin). There is also an equivalent cover URL parameter. The difference between setting SKIN vs. COVER is that if the chosen template is not found (e.g., for included templates), SKIN will fall back onto the next skin in line, or the default skin, if only one skin was present, while COVER will always fall back onto the current skin.

An example would be invoking the printable mode, which is achieved by applying ?cover=print. The view.print.tmpl simply invokes the viewprint template for the current skin which then can appropriately include all other used templates for the current skin. Where the printable mode be applied by using SKIN, all skins would have the same printable appearance.

The full skin path is built up as follows: SKIN setting (or ?skin if it is set), then COVER setting is added, then ?cover.

Conditional Skin Activation

TWiki skins can be activated conditionally using IfStatements. For example, you might want to use a mobile skin for iPhone and Android user agents, and the default skin otherwise. This example uses the print skin on iPhone and Android:

Hard-Coded Skins

The text skin is reserved for TWiki internal use.

Skin names starting with rss also have a special meaning; if one or more of the skins in the skin path starts with 'rss' then 8-bit characters will be encoded as XML entities in the output, and the content-type header will be forced to text/xml.

TWiki Meta Data

Additional topic data, program-generated or from TWikiForms, is stored embedded in the topic text using META: tags

Overview

By default, TWiki stores topics in files on disk, in a really simple and obvious directory structure. The big advantage of this approach is that it makes it really easy to manipulate topics from outside TWiki, and is also very safe; there are no complex binary indexes to maintain, and moving a topic from one TWiki to another is as simple as copying a couple of text files.

To keep everything together in one place, TWiki uses a simple method for embedding additional data (program-generated or from TWikiForms) in topics. It does this using META: tags.

Meta Data Syntax

Format is the same as in TWikiVariables, except all fields have a key.

%META:<type>{key1="value1" key2="value2" ...}%

Order of fields within the meta variables is not defined, except that if there is a field with key name, this appears first for easier searching (note the order of the variables themselves is defined).

Each meta variable is on one line.

Values in meta-data are URL encoded so that characters such as \n can be stored.

META:TOPICMOVED

This is optional, exists if topic has ever been moved. If a topic is moved more than once, only the most recent META:TOPICMOVED meta variable exists in the topic, older ones are to be found in the rcs history.

META:TOPICPARENT

The topic from which this was created, typically when clicking on a red-link, or by filling out a form. Normally just TopicName, but it can be a full Web.TopicName format if the parent is in a different Web.

Recommended Sequence

There is no absolute need for Meta Data variables to be listed in a specific order within a topic, but it makes sense to do so a couple of good reasons:

form fields remain in the order they are defined

the diff function output appears in a logical order

The recommended sequence is:

META:TOPICINFO

META:TOPICPARENT (optional)

text of topic

META:TOPICMOVED (optional)

META:FILEATTACHMENT (0 or more entries)

META:FORM (optional)

META:FIELD (0 or more entries; FORM required)

Viewing Meta Data in Page Source

When viewing a topic the Raw Text link can be clicked to show the text of a topic (i.e., as seen when editing). This is done by adding raw=on to URL. raw=debug shows the meta data as well as the topic data, ex: debug view for this topic

Rendering Meta Data

Meta Data is rendered with the %META% variable. This is mostly used in the view, preview and edit scripts.

You can render form fields in topic text by using the FORMFIELD variable. Example:%FORMFIELD{"TopicClassification"}%
For details, see VarFORMFIELD.

Show form field value. Parameter: name="field_name". Example:%META{ "formfield" name="TopicClassification" }%

%META{"attachments"}%

Show attachments, except for hidden ones. Options: all="on": Show all attachments, including hidden ones.

%META{"moved"}%

Details of any topic moves.

%META{"parent"}%

Show topic parent. Options: dontrecurse="on": By default recurses up tree, at some cost. nowebhome="on": Suppress WebHome. prefix="...": Prefix for parents, only if there are parents, default "". suffix="...": Suffix, only appears if there are parents, default "". separator="...": Separator between parents, default is " > ".

TWiki Add-Ons

Add functionality to TWiki with extensions not based on the TWiki scripts.

Overview

An add-on runs separately from the TWiki scripts, e.g. for data import, export to static HTML, etc. Add-Ons normally do not call any TWiki code directly, though may invoke TWiki scripts. There are different types of add-ons, they may be stand alone scripts, browser plugins, office tool extensions, or even a set of TWiki topics that form a TWiki application.

Creating new Add-Ons

TWiki Contribs

Reusable code that may be used over several plugins and add-ons.

Overview

TWiki contribs extend the functionality of TWiki, typically used by plugins and add-ons. They may also provide alternative implementations for sections of the TWiki core e.g. user management, or when an extension just can't be implemented as a plugin because it requires very close access to TWiki internals.

Creating new Contribs

TWiki Plugins

Add functionality to TWiki with readily available plugins; create plugins based on APIs

Overview

You can add plugins to extend TWiki functionality, without altering the core code. A plug-in approach lets you:

add virtually unlimited features while keeping the main TWiki code compact and efficient;

heavily customize an installation and still do clean updates to new versions of TWiki;

rapidly develop new TWiki functions in Perl using the plugin API.

Everything to do with TWiki plugins - demos, new releases, downloads, development, general discussion - is available at TWiki.org, in the TWiki:Plugins web.

TWiki plugins are developed and contributed by interested members of the community. Plugins are provided on an 'as is' basis; they are not a part of TWiki, but are independently developed and maintained.

Installing Plugins

The TWiki:Plugins web on TWiki.org is the repository for TWiki plugins. Each plugin such as the TWiki:Plugins.ChartPlugin has a topic with user guide, step-by-step installation instructions, a detailed description of any special requirements, version details, and a working example for testing. There's usually a number of other related topics, such as a developers page, and an appraisal page.

Most TWiki plugins are packaged so that they can be installed and upgraded using the configure script. To install a plugin, open up the Extensions tab, follow the "Find More Extensions" link, and follow the instructions. A plugin needs to be enabled after installation.

Plugins can also be installed manually: Download the zip or tgz package of a TWiki plugin from the TWiki.org repository, upload it to the TWiki server, unpack it, and follow the installation instructions found in the plugin topic on TWiki.org.

Special Requirements: Some plugins need certain Perl modules to be pre-installed on the host system. Plugins may also use other resources, like graphics, other modules, applications, and templates. You should be able to find detailed instructions in the plugin's documentation. Use the package manager of the server OS (yum, apt-get, rpm, etc) to install dependent libraries.

If available, install CPAN (Comprehensive Perl Archive Network) libraries with the OS package manager. For example, to install IO::Socket::SSL on Fedora/RedHat/CentOS, run yum install perl-IO-Socket-SSL. CPAN modules can also be installed natively, see TWiki:TWiki.HowToInstallCpanModules.

On-Site Pretesting

If you have a mission critical TWiki installation and you are concerned about installing new plugins, you can test new plugins before making them available by creating a second test TWiki installation, and test the plugin there. It is also possible to configure this test TWiki to use the live data. You can allow selected users access to the test area. Once you are satisfied that it won't compromise your primary installation, you can install it there as well.

InstalledPlugins shows which plugins are: 1) installed, 2) loading properly, and 3) what TWiki:Codev.PluginHandlers they invoke. Any failures are shown in the Errors section. The %FAILEDPLUGINS% variable can be used to debug failures. You may also want to check your webserver error log and the various TWiki log files.

Some Notes on Plugin Performance

The performance of the system depends to some extent on the number of plugins installed and on the plugin implementation. Some plugins impose no measurable performance decrease, some do. For example, a Plugin might use many Perl libraries that need to be initialized with each page view (unless you run mod_perl). You can only really tell the performance impact by installing the plugin and by measuring the performance with and without the new plugin. Use the TWiki:Plugins.PluginBenchmarkAddOn, or test manually with the Apache ab utility. Example on Unix:time wget -qO /dev/null /twiki/bin/view/TWiki/AbcPlugin

If you need to install an "expensive" plugin, but you only need its functionality only in a subset of your data, you can disable it elsewhere by defining the %DISABLEDPLUGINS% TWiki variable.

Define DISABLEDPLUGINS to be a comma-separated list of names of plugins to disable. Define it in Main.TWikiPreferences to disable those plugins everywhere, in the WebPreferences topic to disable them in an individual web, or in a topic to disable them in that topic. For example,

* Set DISABLEDPLUGINS = SpreadSheetPlugin, EditTablePlugin

Managing Installed Plugins

Some plugins require additional settings or offer extra options that you have to select. Also, you may want to make a plugin available only in certain webs, or temporarily disable it. And may want to list all available plugins in certain topics. You can handle all of these management tasks with simple procedures:

Enabling/Disabling Plugins

Plugins can be enabled and disabled with the configure script in the Plugins section. An installed plugin needs to be enabled before it can be used.

Plugin Evaluation Order

By default, TWiki executes plugins in alphabetical order on plugin name. It is possible to change the order, for example to evaluate database variables before the spreadsheet CALCs. This can be done with {PluginsOrder} in the plugins section of configure.

Plugin-Specific Settings

Plugins can be configured with 1. preferences settings and/or 2. with configure settings. Older plugins use plugin preferences settings defined in the plugin topic, which is no longer recommended.

1. Use preferences settings:

Adinistrators can set plugin-specific settings in the local site preferences at Main.TWikiPreferences and users can overload them at the web level and page level. This approach is recommended if users should be able to overload settings. For security this is not recommended for system settings, such as a path to an executable. By convention, preferences setting names start with the plugin name in all caps, and an underscore. For example, to set the cache refresh period of the TWiki:Plugins.VarCachePlugin, add this bullet in Main.TWikiPreferences

Set VARCACHEPLUGIN_REFRESH = 24

Preferences settings that have been defined in Main.TWikiPreferences can be retrieved anywhere in TWiki with %<pluginname>_<setting>%, such as %VARCACHEPLUGIN_REFRESH%.

The administrator can set plugin settings in the configure interface. Recommended if only site administrators should be able to change settings. Chose this option to set sensitive or dangerous system settings, such as passwords or path to executables. To define plugin-specific configure settings,

Create a Config.spec file in lib/TWiki/Plugins/YourPlugin/ with variables, such as$TWiki::cfg{Plugins}{RecentVisitorPlugin}{ShowIP} = 0;

In the plugin, use those those variables, such as$showIP = $TWiki::cfg{Plugins}{RecentVisitorPlugin}{ShowIP} || 0;

The TWiki Plugin API

Available Core Functions

The TWikiFuncDotPm module (lib/TWiki/Func.pm) describes all the interfaces available to plugins. Plugins should only use the interfaces described in this module.

Note: If you use other core functions not described in Func.pm, you run the risk of creating security holes. Also, your plugin will likely break and require updating when you upgrade to a new version of TWiki.

Predefined Hooks

In addition to TWiki core functions, plugins can use predefined hooks, or callbacks, as described in the lib/TWiki/Plugins/EmptyPlugin.pm module.

All but the initPlugin are commented out. To enable a callback, remove the leading # from all lines of the callback.

Keep the main plugin package as small as possible; create other packages that are loaded if and only if they are used. For example, create sub-packages of BathPlugin in lib/TWiki/Plugins/BathPlugin/.

Avoid using preferences in the plugin topic; Define $NO_PREFS_IN_TOPIC in your plugin package as that will stop TWiki from reading the plugin topic for every page. Use Config.spec or preferences settings instead. (See details).

Always audit the plugins you install, and make sure you are happy with the level of security provided. While every effort is made to monitor plugin authors activities, at the end of the day they are uncontrolled user contributions.

Creating Plugins

With a reasonable knowledge of the Perl scripting language, you can create new plugins or modify and extend existing ones. Basic plug-in architecture uses an Application Programming Interface (API), a set of software instructions that allow external code to interact with the main program. The TWiki Plugin API provides the programming interface for TWiki. Understanding how TWiki is working at high level is beneficial for plugin development.

Anatomy of a Plugin

A (very) basic TWiki plugin consists of two files:

a Perl module, e.g. MyFirstPlugin.pm

a documentation topic, e.g. MyFirstPlugin.txt

The Perl module can be a block of code that talks to with TWiki alone, or it can include other elements, like other Perl modules (including other plugins), graphics, TWiki templates, external applications (ex: a Java applet), or just about anything else it can call.
In particular, files that should be web-accessible (graphics, Java applets ...) are best placed as attachments of the MyFirstPlugin topic. Other needed Perl code is best placed in a lib/TWiki/Plugins/MyFirstPlugin/ directory.

The plugin API handles the details of connecting your Perl module with main TWiki code. When you're familiar with the Plugin API, you're ready to develop plugins.

The TWiki:Plugins.BuildContrib module provides a lot of support for plugins development, including a plugin creator, automatic publishing support, and automatic installation script writer. If you plan on writing more than one plugin, you probably need it.

Creating the Perl Module

Copy file lib/TWiki/Plugins/EmptyPlugin.pm to <name>Plugin.pm. The EmptyPlugin.pm module contains mostly empty functions, so it does nothing, but it's ready to be used. Customize it. Refer to the Plugin API specs for more information.

If your plugin uses its own modules and objects, you must include the name of the plugin in the package name. For example, write Package MyFirstPlugin::Attrs; instead of just Package Attrs;. Then call it using:

Writing the Documentation Topic

The plugin documentation topic contains usage instructions and version details. It serves the plugin files as FileAttachments for downloading. (The doc topic is also included in the distribution package.) To create a documentation topic:

In the JumpBox enter your plugin name, for example MyFirstPlugin, press enter and create the new topic

paste & save new plugin topic on your site

Customize your plugin topic.

Important: In case you plan to publish your plugin on TWiki.org, use Interwiki names for author names and links to TWiki.org topics, such as TWiki:Main/TWikiGuest. This is important because links should work properly in a plugin topic installed on any TWiki, not just on TWiki.org.

Plugin Info: <Version, credits, history, requirements - entered in a form, displayed as a table. Both are automatically generated when you create or edit a page in the TWiki:Plugins web.>"

Packaging for Distribution

The TWiki:Plugins.BuildContrib is a powerful build environment that is used by the TWiki project to build TWiki itself, as well as many of the plugins. You don't have to use it, but it is highly recommended!

If you don't want (or can't) use the BuildContrib, then a minimum plugin release consists of a Perl module with a WikiName that ends in Plugin, ex: MyFirstPlugin.pm, and a documentation page with the same name(MyFirstPlugin.txt).

Distribute the plugin files in a directory structure that mirrors TWiki. If your plugin uses additional files, include them all:

lib/TWiki/Plugins/MyFirstPlugin.pm

data/TWiki/MyFirstPlugin.txt

pub/TWiki/MyFirstPlugin/uparrow.gif [a required graphic]

Create a zip archive with the plugin name (MyFirstPlugin.zip) and add the entire directory structure from Step 1. The archive should look like this:

Publishing for Public Use

You can release your tested, packaged plugin to the TWiki community through the TWiki:Plugins web. All plugins submitted to TWiki.org are available for download and further development in TWiki:Plugins/PluginPackage.

Link from the doc page to a new, blank page named after the plugin, and ending in Dev, ex: MyFirstPluginDev. This is the discussion page for future development. (User support for plugins is handled in TWiki:Support.)

Once you have done the above steps once, you can use the BuildContrib to upload updates to your plugin.

Thank you very much for sharing your plugin with the TWiki community

Recommended Storage of Plugin Specific Data

Plugins sometimes need to store data. This can be plugin internal data such as cache data, or data generated for browser consumption such as images. Plugins should store data using TWikiFuncDotPm functions that support saving and loading of topics and attachments.

Plugin Internal Data

You can create a plugin "work area" using the TWiki::Func::getWorkArea() function, which gives you a persistent directory where you can store data files. By default they will not be web accessible. The directory is guaranteed to exist, and to be writable by the webserver user. For convenience, TWiki::Func::storeFile() and TWiki::Func::readFile() are provided to persistently store and retrieve simple data in this area.

Web Accessible Data

Topic-specific data such as generated images can be stored in the topic's attachment area, which is web accessible. Use the TWiki::Func::saveAttachment() function to store the data.

Recommendation for file name:

Prefix the filename with an underscore (the leading underscore avoids a name clash with files attached to the same topic)

Identify where the attachment originated from, typically by including the plugin name in the file name

Use only alphanumeric characters, underscores, dashes and periods to avoid platform dependency issues and URL issues

Example: _GaugePlugin_img123.gif

Web specific data can be stored in the plugin's attachment area, which is web accessible. Use the TWiki::Func::saveAttachment() function to store the data.

Recommendation for file names in plugin attachment area:

Prefix the filename with an underscore

Include the name of the web in the filename

Use only alphanumeric characters, underscores, dashes and periods to avoid platform dependency issues and URL issues

Example: _Main_roundedge-ul.gif

Integrating with configure

Some TWiki extensions have setup requirements that are best integrated into configure rather than trying to use TWiki preferences variables. These extensions use Config.spec files to publish their configuration requirements.

Config.spec files are read during TWiki configuration. Once a Config.spec has defined a configuration item, it is available for edit through the standard configure interface. Config.spec files are stored in the 'plugin directory' e.g. lib/TWiki/Plugins/BathPlugin/Config.spec.

Structure of a Config.spec file

The Config.spec file for an extension starts with the extension announcing what it is:

# ---+ Extensions
# ---++ BathPlugin
# This plugin senses the level of water in your bath, and ensures the plug
# is not removed while the water is still warm.

This is followed by one or more configuration items. Each configuration item has a type, a description and a default. For example:

The type (e.g. **SELECT** ) tells configure to how to prompt for the value. It also tells configure how to do some basic checking on the value you actually enter. All the comments between the type and the configuration item are taken as part of the description. The configuration item itself defines the default value for the configuration item. The above spec defines the configuration items $TWiki::cfg{BathPlugin}{PlugType}, $TWiki::cfg{BathPlugin}{ChainLength}, and $TWiki::cfg{BathPlugin}{TempSensorEnabled} for use in your plugin. For example,

The Config.spec file is read by configure, which then writes LocalSite.cfg with the values chosen by the local site admin.

A range of types are available for use in Config.spec files:

BOOLEAN

A true/false value, represented as a checkbox

COMMAND length

A shell command

LANGUAGE

A language (selected from {LocalesDir}

NUMBER

A number

OCTAL

An octal number

PASSWORD length

A password (input is hidden)

PATH length

A file path

PERL

A perl structure, consisting of arrays and hashes

REGEX length

A perl regular expression

SELECT choices

Pick one of a range of choices

SELECTCLASS root

Select a perl package (class)

STRING length

A string

URL length

A url

URLPATH length

A relative URL path

All types can be followed by a comma-separated list of attributes.

EXPERT

means this an expert option

M

means the setting is mandatory (may not be empty)

H

means the option is not visible in configure

See lib/TWiki.spec for many more examples.

Config.spec files for non-plugin extensions are stored under the Contrib directory instead of the Plugins directory.

Note that from TWiki 5.0 onwards, CGI scripts (in the TWiki bin directory) provided by extensions must also have an entry in the Config.spec file. This entry looks like this (example taken from PublishContrib)

PERL specifies a perl data structure, and H a hidden setting (it won't appear in configure). The first field of the data value specifies the class where the function that implements the script can be found. The second field specifies the name of the function, which must be the same as the name of the script. The third parameter is a hash of initial context settings for the script.

Maintaining Plugins

Discussions and Feedback on Plugins

Each published plugin has a plugin development topic on TWiki.org. Plugin development topics are named after your plugin and end in Dev, such as MyFirstPluginDev. The plugin development topic is a great resource to discuss feature enhancements and to get feedback from the TWiki community.

Maintaining Compatibility with Earlier TWiki Versions

The plugin interface (TWikiFuncDotPm functions and plugin handlers) evolve over time. TWiki introduces new API functions to address the needs of plugin authors. Plugins using unofficial TWiki internal functions may no longer work on a TWiki upgrade.

Organizations typically do not upgrade to the latest TWiki for many months. However, many administrators still would like to install the latest versions of a plugin on their older TWiki installation. This need is fulfilled if plugins are maintained in a compatible manner.

Tip: Plugins can be written to be compatible with older and newer TWiki releases. This can be done also for plugins using unofficial TWiki internal functions of an earlier release that no longer work on the latest TWiki codebase.
Here is an example; the TWiki:TWiki.TWikiPluginsSupplement#MaintainPlugins has more details.

Handling deprecated functions

From time-to-time, the TWiki developers will add new functions to the interface (either to TWikiFuncDotPm, or new handlers). Sometimes these improvements mean that old functions have to be deprecated to keep the code manageable. When this happens, the deprecated functions will be supported in the interface for at least one more TWiki release, and probably longer, though this cannot be guaranteed.

When a plugin defines deprecated handlers, a warning will be shown in the list generated by %FAILEDPLUGINS%. Admins who see these warnings should check TWiki.org and if necessary, contact the plugin author, for an updated version of the plugin.

Updated plugins may still need to define deprecated handlers for compatibility with old TWiki versions. In this case, the plugin package that defines old handlers can suppress the warnings in %FAILEDPLUGINS%.

This is done by defining a map from the handler name to the TWiki::Plugins version in which the handler was first deprecated. For example, if we need to define the endRenderingHandler for compatibility with TWiki::Plugins versions before 1.1, we would add this to the plugin:

If the currently-running TWiki version is 1.1 or later, then the handler will not be called and the warning will not be issued. TWiki with versions of TWiki::Plugins before 1.1 will still call the handler as required.

This module defines official functions that TWiki plugins
can use to interact with the TWiki engine and content.

Refer to EmptyPlugin and lib/TWiki/Plugins/EmptyPlugin.pm for a template
plugin and documentation on how to write a plugin.

Plugins should only use functions published in this module. If you use
functions in other TWiki libraries you might create a security hole and
you will probably need to change your plugin when you upgrade TWiki.

Deprecated functions will still work in older code, though they should
not be called in new plugins and should be replaced in older plugins
as soon as possible.

The version of the TWiki::Func module is defined by the VERSION number of the
TWiki::Plugins module, currently 6.02. This can be shown
by the %PLUGINVERSION% TWiki variable, and accessed in code using
$TWiki::Plugins::VERSION. The 'Since' field in the function
documentation refers to $TWiki::Plugins::VERSION.

Notes on use of $TWiki::Plugins::VERSION 6.00 and later:

The version number is now aligned with the TWiki release version.

A TWiki-6.7.8 release will have a $TWiki::Plugins::VERSION = 6.78.

In an unlikely case where the patch number is 10 or larger, the patch number is added to the previous patch number. For example, TWiki-6.7.9 will have version 6.79, TWiki-6.7.10 will have 6.7910, and TWiki-6.7.11 will have 6.7911. This ensures that the version number can sort properly.

TWiki::Plugins::VERSION also applies to the plugin handlers. The handlers are documented in the EmptyPlugin, and that module indicates what version of TWiki::Plugins::VERSION it relates to.

A full history of the changes to this API can be found at the end of this
topic.

Environment

getSkin( ) -> $skin

Get the skin path, set by the SKIN and COVER preferences variables or the skin and cover CGI parameters

getUrlHost( ) -> $host

getScriptUrl( $web, $topic, $script, ... ) -> $url

Compose fully qualified URL

$web - Web name, e.g. 'Main'

$topic - Topic name, e.g. 'WebNotify'

$script - Script name, e.g. 'view'

... - an arbitrary number of name=>value parameter pairs that will be url-encoded and added to the url. The special parameter name '#' is reserved for specifying an anchor. e.g. getScriptUrl('x','y','view','#'=>'XXX',a=>1,b=>2) will give .../view/x/y?a=1&b=2#XXX

getPubUrlPath( ) -> $path

getExternalResource( $url, \@headers, \%params ) -> $response

Get whatever is at the other end of a URL (using an HTTP GET request). Will
only work for encrypted protocols such as https if the LWP CPAN module is
installed.

Note that the $url may have an optional user and password, as specified by
the relevant RFC. Any proxy set in configure is honored.

Optional parameters may be supplied:

\@headers (an array ref): Additional HTTP headers of form 'name1', 'value1', 'name2', 'value2'. User-Agent header is set to "TWiki::Net/### libwww-perl/#.##" by default, where ### is the revision number of TWiki::Net and #.## is the version of LWP.

The $response is an object that is known to implement the following subset of
the methods of HTTP::Response. It may in fact be an HTTP::Response object,
but it may also not be if LWP is not available, so callers may only assume
the following subset of methods is available:

code()

message()

header($field)

content()

is_error()

is_redirect()

Note that if LWP is not available, this function:

can only really be trusted for HTTP/1.0 urls. If HTTP/1.1 or another protocol is required, you are strongly recommended to require LWP.

Will not parse multipart content

In the event of the server returning an error, then is_error() will return
true, code() will return a valid HTTP status code
as specified in RFC 2616 and RFC 2518, and message() will return the
message that was received from
the server. In the event of a client-side error (e.g. an unparseable URL)
then is_error() will return true and message() will return an explanatory
message. code() will return 400 (BAD REQUEST).

Note: Callers can easily check the availability of other HTTP::Response methods
as follows:

my $response = TWiki::Func::getExternalResource($url);
if (!$response->is_error() && $response->isa('HTTP::Response')) {
$text = $response->content();
# ... other methods of HTTP::Response may be called
} else {
# ... only the methods listed above may be called
}

Since: TWiki::Plugins::VERSION 1.2

Note: The optional parameters \@headers and \%params were added in
TWiki::Plugins::VERSION 6.00

postExternalResource( $url, $text, \@headers, \%params ) -> $response

This method is essentially the same as getExternalResource() except that it uses
an HTTP POST method and that the additional $text parameter is required.

The $text is sent to the server as the body content of the HTTP request.

See getExternalResource() for more details.

Since: TWiki::Plugins::VERSION 6.00

getCgiQuery( ) -> $query

Get CGI query object. Important: Plugins cannot assume that scripts run under CGI, Plugins must always test if the CGI query object is set

Return: $query CGI query object; or 0 if script is called as a shell script

Get a list of all the names of session variables. The list is unsorted.

Session keys are stored and retrieved using setSessionValue and
getSessionValue.

Since: TWiki::Plugins::VERSION 1.2

getSessionValue( $key ) -> $value

Get a session value from the client session module

$key - Session key

Return: $value Value associated with key; empty string if not set

Since: TWiki::Plugins::VERSION 1.000 (27 Feb 200)

setSessionValue( $key, $value ) -> $boolean

Set a session value.

$key - Session key

$value - Value associated with key

Return: true if function succeeded

Since: TWiki::Plugins::VERSION 1.000 (17 Aug 2001)

clearSessionValue( $key ) -> $boolean

Clear a session value that was set using setSessionValue.

$key - name of value stored in session to be cleared. Note that you cannot clear AUTHUSER.

Return: true if the session value was cleared

Since: TWiki::Plugins::VERSION 1.1

getContext() -> \%hash

Get a hash of context identifiers representing the currently active
context.

The context is a set of identifiers that are set
during specific phases of TWiki processing. For example, each of
the standard scripts in the 'bin' directory each has a context
identifier - the view script has 'view', the edit script has 'edit'
etc. So you can easily tell what 'type' of script your Plugin is
being called within. The core context identifiers are listed
in the IfStatements topic. Please be careful not to
overwrite any of these identifiers!

Context identifiers can be used to communicate between Plugins, and between
Plugins and templates. For example, in FirstPlugin.pm, you might write:

%TMPL:DEF{"ON"}% Not off %TMPL:END%
%TMPL:DEF{"OFF"}% Not on %TMPL:END%
%TMPL:P{context="MyID" then="ON" else="OFF"}%

or in a topic:

%IF{"context MyID" then="MyID is ON" else="MyID is OFF"}%

Note: all plugins have an automatically generated context identifier
if they are installed and initialised. For example, if the FirstPlugin is
working, the context ID 'FirstPluginEnabled' will be set.

Since: TWiki::Plugins::VERSION 1.1

pushTopicContext($web, $topic)

$web - new web

$topic - new topic

Change the TWiki context so it behaves as if it was processing $web.$topic
from now on. All the preferences will be reset to those of the new topic.
Note that if the new topic is not readable by the logged in user due to
access control considerations, there will not be an exception. It is the
duty of the caller to check access permissions before changing the topic.

It is the duty of the caller to restore the original context by calling
popTopicContext.

Note that this call does not re-initialise plugins, so if you have used
global variables to remember the web and topic in initPlugin, then those
values will be unchanged.

Since: TWiki::Plugins::VERSION 1.2

popTopicContext()

Returns the TWiki context to the state it was in before the
pushTopicContext was called.

Since: TWiki::Plugins::VERSION 1.2

Preferences

getPreferencesValue( $key, $web ) -> $value

Get a preferences value from TWiki or from a Plugin

$key - Preferences key

$web - Name of web, optional. Current web if not specified; does not apply to settings of Plugin topics

NOTE: As of TWiki-4.1, if $NO_PREFS_IN_TOPIC is enabled in the plugin, then
preferences set in the plugin topic will be ignored.

getPluginPreferencesFlag( $key ) -> $boolean

Get a preferences flag from your Plugin

$key - Plugin Preferences key w/o PLUGINNAME_ prefix.

Return: false for preferences values "off", "no" and "0", or values not set at all. True otherwise.

Note: This function will will only work when called from the Plugin.pm file itself. it will not work if called from a sub-package (e.g. TWiki::Plugins::MyPlugin::MyModule)

Since: TWiki::Plugins::VERSION 1.021 (27 Mar 2004)

NOTE: As of TWiki-4.1, if $NO_PREFS_IN_TOPIC is enabled in the plugin, then
preferences set in the plugin topic will be ignored.

setPreferencesValue($name, $val)

Set the preferences value so that future calls to getPreferencesValue will
return this value, and %$name% will expand to the preference when used in
future variable expansions.

The preference only persists for the rest of this request. Finalised
preferences cannot be redefined using this function.

Returns 1 if the preference was defined, and 0 otherwise.

getWikiToolName( ) -> $name

Get toolname as defined in TWiki.cfg

Return: $name Name of tool, e.g. 'TWiki'

Since: TWiki::Plugins::VERSION 1.000 (27 Feb 2001)

getMainWebname( ) -> $name

Get name of Main web as defined in TWiki.cfg

Return: $name Name, e.g. 'Main'

Since: TWiki::Plugins::VERSION 1.000 (27 Feb 2001)

getTwikiWebname( ) -> $name

Get name of TWiki documentation web as defined in TWiki.cfg

Return: $name Name, e.g. 'TWiki'

Since: TWiki::Plugins::VERSION 1.000 (27 Feb 2001)

User Handling and Access Control

getDefaultUserName( ) -> $loginName

Get default user name as defined in the configuration as DefaultUserLogin

Return: $loginName Default user name, e.g. 'guest'

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

getCanonicalUserID( $user ) -> $cUID

$user can be a login, wikiname or web.wikiname

Return the cUID of the specified user. A cUID is a unique identifier which
is assigned by TWiki for each user.
BEWARE: While the default TWikiUserMapping uses a cUID that looks like a user's
LoginName, some characters are modified to make them compatible with rcs.
Other usermappings may use other conventions - the JoomlaUserMapping
for example, has cUIDs like 'JoomlaeUserMapping_1234'.

If $user is undefined, it assumes the currently logged-in user.

Return: $cUID, an internal unique and portable escaped identifier for
registered users. This may be autogenerated for an authenticated but
unregistered user.

Since: TWiki::Plugins::VERSION 1.2

getWikiName( $user ) -> $wikiName

Return the WikiName of the specified user.
If $user is undefined get Wiki name of logged-in user.

$user can be a cUID, login, wikiname or web.wikiname

Return: $wikiName Wiki Name, e.g. 'JohnDoe'

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

getWikiUserName( $user ) -> $wikiName

Return the userWeb.WikiName of the specified user.
If $user is undefined get Wiki name of logged-in user.

$user can be a cUID, login, wikiname or web.wikiname

Return: $wikiName Wiki Name, e.g. "Main.JohnDoe"

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

wikiToUserName( $id ) -> $loginName

Translate a Wiki name to a login name.

$id - Wiki name, required, e.g. 'Main.JohnDoe' or 'JohnDoe'. Since TWiki 4.2.1, $id may also be a login name. This will normally be transparent, but should be borne in mind if you have login names that are also legal wiki names.

Return: $loginName Login name of user, e.g. 'jdoe', or undef if not
matched.

Note that it is possible for several login names to map to the same wikiname.
This function will only return the first login name that maps to the
wikiname.

Find the wikinames of all users who have the given email address as their
registered address. Since several users could register with the same email
address, this returns a list of wikinames rather than a single wikiname.

You are setting different access controls in the text to those defined in the stored topic,

You already have the topic text in hand, and want to help TWiki avoid having to read it again,

You are providing a $meta parameter.

$topic - Topic name, required, e.g. 'PrivateStuff'

$web - Web name, required, e.g. 'Sandbox'

$meta - Meta-data object, as returned by readTopic. Optional. If undef, but $text is defined, then access controls will be parsed from $text. If defined, then metadata embedded in $text will be ignored. This parameter is always ignored if $text is undefined. Settings in $meta override Set settings in $text.

A perl true result indicates that access is permitted.

Note the weird parameter order is due to compatibility constraints with
earlier TWiki releases.

Tip if you want, you can use this method to check your own access control types. For example, if you:

Set ALLOWTOPICSPIN = IncyWincy

in ThatWeb.ThisTopic, then a call to checkAccessPermission('SPIN', 'IncyWincy', undef, 'ThisTopic', 'ThatWeb', undef) will return true.

Webs, Topics and Attachments

Gets a list of webs, filtered according to the spec in the $filter,
which may include one of:

'user' (for only user webs)

'template' (for only template webs i.e. those starting with "_")

$filter may also contain the word 'public' which will further filter
out webs that have NOSEARCHALL set on them.
'allowed' filters out webs the current user can't read.

For example, the deprecated getPublicWebList function can be duplicated
as follows:

my @webs = TWiki::Func::getListOfWebs( "user,public" );

Since: TWiki::Plugins::VERSION 1.1

webExists( $web ) -> $boolean

Test if web exists

$web - Web name, required, e.g. 'Sandbox'

Since: TWiki::Plugins::VERSION 1.000 (14 Jul 2001)

isValidWebName( $name, $templateWeb ) -> $boolean

Check for a valid web name.

$name - web name

$templateWeb - flag, optional. If true, then template web names (starting with _) are considered valid, otherwise only user web names are valid.

Return: true if web name is valid

If $TWiki::cfg{EnableHierarchicalWebs} is off, it will also return false when a nested
web name is passed to it.

Since: TWiki::Plugins::VERSION 1.4

createWeb( $newWeb, $baseWeb, $opts )

$newWeb is the name of the new web.

$baseWeb is the name of an existing web (a template web). If the base web is a system web, all topics in it will be copied into the new web. If it is a normal web, only topics starting with 'Web' will be copied. If no base web is specified, an empty web (with no topics) will be created. If it is specified but does not exist, an error will be thrown.

eachChangeSince($web, $time) -> $iterator

Get an iterator over the list of all the changes in the given web between
$time and now. $time is a time in seconds since 1st Jan 1970, and is not
guaranteed to return any changes that occurred before (now -
{Store}{RememberChangesFor}). {Store}{RememberChangesFor}) is a
setting in configure. Changes are returned in most-recent-first
order.

Use it as follows:

my $iterator = TWiki::Func::eachChangeSince(
$web, time() - 7 * 24 * 60 * 60); # the last 7 days
while ($iterator->hasNext()) {
my $change = $iterator->next();
# $change is a perl hash that contains the following fields:
# topic => topic name
# user => wikiname - wikiname of user who made the change
# time => time of the change
# revision => revision number *after* the change
# more => more info about the change (e.g. 'minor')
}

topicExists( $web, $topic ) -> $boolean

$web and $topic are parsed as described in the documentation for normalizeWebTopicName.
Specifically, the Main is used if $web is not specified and $topic has no web specifier.
To get an expected behaviour it is recommened to specify the current web for $web; don't leave it empty.

Since: TWiki::Plugins::VERSION 1.000 (14 Jul 2001)

isValidTopicName( $name ) -> $boolean

Check for a valid topic name. Names considerd valid for autolinking are
WikiWords (such as 'SanFrancisco') and acronym (such as 'SWMBO').

setTopicEditLock( $web, $topic, $lock )

$web Web name, e.g. "Main", or empty

$topic Topic name, e.g. "MyTopic", or "Main.MyTopic"

$lock 1 to lease the topic, 0 to clear an existing lease

Takes out a "lease" on the topic. The lease doesn't prevent
anyone from editing and changing the topic, but it does redirect them
to a warning screen, so this provides some protection. The edit script
always takes out a lease.

It is impossible to fully lock a topic. Concurrent changes will be
merged.

readTopicText( $web, $topic, $rev, $ignorePermissions ) -> $text

$rev - Topic revision to read, optional. Specify the minor part of the revision, e.g. "5", not "1.5"; the top revision is returned if omitted or empty.

$ignorePermissions - Set to "1" if checkAccessPermission() is already performed and OK; an oops URL is returned if user has no permission

Return: $text Topic text with embedded meta data; an oops URL for calling redirectCgiQuery() is returned in case of an error

This method is more efficient than readTopic, but returns meta-data embedded in the text. Plugins authors must be very careful to avoid damaging meta-data. You are recommended to use readTopic instead, which is a lot safer.

Since: TWiki::Plugins::VERSION 1.010 (31 Dec 2002)

attachmentExists( $web, $topic, $attachment ) -> $boolean

Test if attachment exists

$web - Web name, optional, e.g. Main.

$topic - Topic name, required, e.g. TokyoOffice, or Main.TokyoOffice

$attachment - attachment name, e.g. logo.gif

$web and $topic are parsed as described in the documentation for normalizeWebTopicName.

Since: TWiki::Plugins::VERSION 1.1

readAttachment( $web, $topic, $name, $rev ) -> $data

$web - web for topic

$topic - topic

$name - attachment name

$rev - revision to read (default latest)

Read an attachment from the store for a topic, and return it as a string. The
names of attachments on a topic can be recovered from the meta-data returned
by readTopic. If the attachment does not exist, or cannot be read, undef
will be returned. If the revision is not specified, the latest version will
be returned.

View permission on the topic is required for the
read to be successful. Access control violations are flagged by a
TWiki::AccessControlException. Permissions are checked for the current user.

Renames the topic. Throws an exception on error or access violation.
If $newWeb is undef, it defaults to $web. If $newTopic is undef, it defaults
to $topic. If $newAttachment is undef, it defaults to $attachment. If all of $newWeb, $newTopic and $newAttachment are undef, it is an error.

The destination topic must already exist, but the destination attachment must
not exist.

Rename an attachment to $TWiki::cfg{TrashWebName}.TrashAttament to delete it.

writeHeader( )

Note: In TWiki versions earlier than TWiki::Plugins::VERSION 1.3, this function used to have $query and $contentLength parameters. Both were marked "you should not pass this parameter".

Since: TWiki::Plugins::VERSION 1.000 (7 Dec 2002)

redirectCgiQuery( $query, $url, $passthru, $viaCache )

Redirect to URL

$query - CGI query object. Ignored, only there for compatibility. The session CGI query object is used instead.

$url - URL to redirect to

$passthru - enable passthrough.

$viaCache - forcibly cache a redirect CGI query. It cuts off all the params in a GET url and replace with a "?$cache=..." param. "$viaCache" is meaningful only if "$passthru" is true.

Return: none

Print output to STDOUT that will cause a 302 redirect to a new URL.
Nothing more should be printed to STDOUT after this method has been called.

The $passthru parameter allows you to pass the parameters that were passed
to the current query on to the target URL, as long as it is another URL on the
same TWiki installation. If $passthru is set to a true value, then TWiki
will save the current URL parameters, and then try to restore them on the
other side of the redirect. Parameters are stored on the server in a cache
file.

Note that if $passthru is set, then any parameters in $url will be lost
when the old parameters are restored. if you want to change any parameter
values, you will need to do that in the current CGI query before redirecting
e.g.

Special Handlers

Special handlers can be defined to make functions in plugins behave as if they were built-in to TWiki.

registerTagHandler( $var, \&fn, $syntax )

Should only be called from initPlugin.

Register a function to handle a simple variable. Handles both %VAR% and %VAR{...}%. Registered variables are treated the same as TWiki internal variables, and are expanded at the same time. This is a lot more efficient than using the commonTagsHandler.

$var - The name of the variable, i.e. the 'MYVAR' part of %MYVAR%. The variable name must match /^[A-Z][A-Z0-9_]*$/ or it won't work.

\&fn - Reference to the handler function.

$syntax can be 'classic' (the default) or 'context-free'. 'classic' syntax is appropriate where you want the variable to support classic TWiki syntax i.e. to accept the standard %MYVAR{ "unnamed" param1="value1" param2="value2" }% syntax, as well as an unquoted default parameter, such as %MYVAR{unquoted parameter}%. If your variable will only use named parameters, you can use 'context-free' syntax, which supports a more relaxed syntax. For example, %MYVAR{param1=value1, value 2, param3="value 3", param4='value 5"}%

Since: TWiki::Plugins::VERSION 1.1

The variable handler function must be of the form:

sub handler(\%session, \%params, $topic, $web)

where:

\%session - a reference to the TWiki session object (may be ignored)

\%params - a reference to a TWiki::Attrs object containing parameters. This can be used as a simple hash that maps parameter names to values, with _DEFAULT being the name for the default parameter.

$topic - name of the topic in the query

$web - name of the web in the query

$meta - topic meta-data to use while expanding, can be undef (Since TWiki::Plugins::VERSION 1.4)

Registered tags differ from tags implemented using the old TWiki approach (text substitution in commonTagsHandler) in the following ways:

registered tags are evaluated at the same time as system tags, such as %SERVERTIME. commonTagsHandler is only called later, when all system tags have already been expanded (though they are expanded again after commonTagsHandler returns).

registered tag names can only contain alphanumerics and _ (underscore)

registering a tag FRED defines both %FRED{...}%and also%FRED%.

registered tag handlers cannot return another tag as their only result (e.g. return '%SERVERTIME%';). It won't work.

registerRESTHandler( $alias, \&fn, )

Should only be called from initPlugin.

Adds a function to the dispatch table of the REST interface

$alias - The name .

\&fn - Reference to the function.

Since: TWiki::Plugins::VERSION 1.1

The handler function must be of the form:

sub handler(\%session)

where:

\%session - a reference to the TWiki session object (may be ignored)

From the REST interface, the name of the plugin must be used
as the subject of the invokation.

This adds the restExample function to the REST dispatch table
for the EmptyPlugin under the 'example' alias, and allows it
to be invoked using the URL

http://server:port/bin/rest/EmptyPlugin/example

note that the URL

http://server:port/bin/rest/EmptyPlugin/restExample

(ie, with the name of the function instead of the alias) will not work.

registerExternalHTTPHandler( \&fn )

Should only be called from initPlugin.

Adds a function to modify all the HTTP requests to any external resources.

\&fn - Reference to the function.

The handler function must be of the form:

sub handler(\%session, $url) -> (\@headers, \%params)

where:

\%session - a reference to the TWiki session object (may be ignored)

$url - a URL being requested

The returned \@headers and \%params are added to the request in the same
manner as getExternalResource, except that \%params will not override any
entries that have been set earlier.
All the params explicitly given by the caller of getExternalResource or
postExternalResource will have the highest precedence.

decodeFormatTokens($str) -> $unencodedString

TWiki has an informal standard set of tokens used in format
parameters that are used to block evaluation of paramater strings.
For example, if you were to write

%MYTAG{format="%WURBLE%"}%

then %WURBLE would be expanded before %MYTAG is evaluated. To avoid
this TWiki uses escapes in the format string. For example:

%MYTAG{format="$percntWURBLE$percnt"}%

This lets you enter arbitrary strings into parameters without worrying that
TWiki will expand them before your plugin gets a chance to deal with them
properly. Once you have processed your tag, you will want to expand these
tokens to their proper value. That's what this function does.

Searching

Search for a string in the content of a web. The search is over all content, including meta-data. Meta-data matches will be returned as formatted lines within the topic content (meta-data matches are returned as lines of the format %META:\w+{.*}%)

$searchString - the search string, in egrep format

$web - The web to search in

\@topics - reference to a list of topics to search

\%option - reference to an options hash

The \%options hash may contain the following options:

type - if regex will perform a egrep-syntax RE search (default '')

casesensitive - false to ignore case (default true)

files_without_match - true to return files only (default false). If files_without_match is specified, it will return on the first match in each topic (i.e. it will return only one match per topic, and will not return matching lines).

The return value is a reference to a hash which maps each matching topic
name to a list of the lines in that topic that matched the search,
as would be returned by 'grep'.

Using multiple disks

Returns IDs of disks used by TWiki. An disk ID is "" (a null string) or a decimal number without leading 0.

Since: TWiki::Plugins::VERSION 6.00

getDiskInfo($web, [$diskID]) -> ($dataDir, $pubDir, $diskID)

Returns the relevant paths and the disk ID of the specified web on the specified site.

Since: TWiki::Plugins::VERSION 6.00

trashWebName(web => $web | disk => $diskID) -> $trashWebName

Returns the name of the trash web to which topics of the $web web are moved.
Or returns the name of the trash web of the specified disk.

Each disk (file system) TWiki uses needs to have a trash web since a topic deletion may entail an attachment directory move, which is possible only within the same disk/file system.

Since: TWiki::Plugins::VERSION 6.00

General Utilities

getRegularExpression( $name ) -> $expr

Retrieves a TWiki predefined regular expression or character class.

$name - Name of the expression to retrieve. See notes below

Return: String or precompiled regular expression matching as described below.

Since: TWiki::Plugins::VERSION 1.020 (9 Feb 2004)

Note: TWiki internally precompiles several regular expressions to
represent various string entities in an I18N-compatible manner. Plugins
authors are encouraged to use these in matching where appropriate. The
following are guaranteed to be present. Others may exist, but their use
is unsupported and they may be removed in future TWiki versions.

In the table below, the expression marked type 'String' are intended for
use within character classes (i.e. for use within square brackets inside
a regular expression), for example:

buildWikiWord( $text ) -> $text

spaceOutWikiWord( $word, $sep ) -> $text

Spaces out a wiki word by inserting a string between each word component.
Word component boundaries are transitions from lowercase to uppercase or numeric,
from numeric to uppercase or lowercase, and from uppercase to numeric characters.

Parameter $sep defines the separator between the word components, the default is a space.

$timezone - either not defined (uses the displaytime setting), 'gmtime', or 'servertime'

Return: $text Formatted time string

Note: If you used the removed formatGmTime, add a third parameter 'gmtime'

Since: TWiki::Plugins::VERSION 1.020 (26 Feb 2004)

isTrue( $value, $default ) -> $boolean

Returns 1 if $value is true, and 0 otherwise. "true" means set to
something with a Perl true value, with the special cases that "off",
"false" and "no" (case insensitive) are forced to false. Leading and
trailing spaces in $value are ignored.

If the value is undef, then $default is returned. If $default is
not specified it is taken as 0.

Note: Function TWiki::Func::extractParameters is more efficient for extracting several parameters

entityEncode( $text, $extra ) -> $text

Entity encode text.

$text - Text to encode, may be empty

$extra - Additional characters to include in the set of encoded characters, optional

Return: $text Entity encoded text

Since: TWiki::Plugins::VERSION 6.00

Escape special characters to HTML numeric entities. This is not a generic
encoding, it is tuned specifically for use in TWiki.

HTML4.0 spec:
"Certain characters in HTML are reserved for use as markup and must be
escaped to appear literally. The "<" character may be represented with
an entity, &lt;. Similarly, ">"
is escaped as &gt;, and "&" is escaped
as &amp;. If an attribute value contains a
double quotation mark and is delimited by double quotation marks, then the
quote should be escaped as &quot;.

Other entities exist for special characters that cannot easily be entered
with some keyboards..."

This method encodes HTML special and any non-printable ASCII
characters (except for \n and \r) using numeric entities.

FURTHER this method also encodes characters that are special in TWiki
meta-language.

$extras is an optional param that may be used to include additional
characters in the set of encoded characters. It should be a string
containing the additional chars.

entityDecode( $text ) -> $text

Decode all numeric entities (e.g. &#123;). Does not decode
named entities such as &amp; (use HTML::Entities for that)

$text - Text to decode, may be empty

Return: $text Entity decoded text

Since: TWiki::Plugins::VERSION 6.00

urlEncode( $text ) -> $text

URL encode text, mainly used to encode URL parameters.

$text - Text to encode, may be empty

Return: $text URL encoded text

Since: TWiki::Plugins::VERSION 6.00

Encoding is done by converting characters that are illegal in
URLs to their %NN equivalents. This method is used for encoding
strings that must be embedded verbatim in URLs; it cannot
be applied to URLs themselves, as it escapes reserved
characters such as = and ?.

RFC 1738, Dec. '94:

...Only alphanumerics [0-9a-zA-Z], the special
characters $-_.+!*'(), and reserved characters used for their
reserved purposes may be used unencoded within a URL.

Reserved characters are $&+,/:;=?@ - these are also encoded by
this method.

This URL-encoding handles all character encodings including ISO-8859-*,
KOI8-R, EUC-* and UTF-8.

This may not handle EBCDIC properly, as it generates an EBCDIC URL-encoded
URL, but mainframe web servers seem to translate this outbound before it hits browser
- see CGI::Util::escape for another approach.

urlDecode( $text ) -> $text

URL decode text, mainly used to decode URL parameters.

$text - Text to decode, may be empty

Return: $text URL decoded text

Since: TWiki::Plugins::VERSION 6.00

Deprecated functions

From time-to-time, the TWiki developers will add new functions to the interface (either to TWikiFuncDotPm, or new handlers). Sometimes these improvements mean that old functions have to be deprecated to keep the code manageable. When this happens, the deprecated functions will be supported in the interface for at least one more TWiki release, and probably longer, though this cannot be guaranteed.

Updated plugins may still need to define deprecated handlers for compatibility with old TWiki versions. In this case, the plugin package that defines old handlers can suppress the warnings in %FAILEDPLUGINS%.

This is done by defining a map from the handler name to the TWiki::Plugins version in which the handler was first deprecated. For example, if we need to define the endRenderingHandler for compatibility with TWiki::Plugins versions before 1.1, we would add this to the plugin:

If the currently-running TWiki version is 1.1 or later, then the handler will not be called and the warning will not be issued. TWiki with versions of TWiki::Plugins before 1.1 will still call the handler as required.

The following functions are retained for compatibility only. You should
stop using them as soon as possible.

getScriptUrlPath( ) -> $path

Get script URL path

DEPRECATED since 1.1 - use getScriptUrl instead.

Return: $path URL path of TWiki scripts, e.g. "/cgi-bin"

WARNING: you are strongly recommended not to use this function, as the
{ScriptUrlPaths} URL rewriting rules will not apply to urls generated
using it.

TWiki-6.02 (Kampala Release)

TWiki CGI and Command Line Scripts

Programs on the TWiki server performing actions such as rendering, saving and renaming topics.

The TWiki scripts are located in the twiki/bin and twiki/tools directories. This topic describes the interfaces to some of those scripts. All scripts in the twiki/bin directory can be called from the CGI (Common Gateway Interface) environment or from the command line. The scripts in the twiki/tools directory can only be called from the command line.

CGI Scripts

Details on CGI scripts located in the twiki/bin directory.

General Information

CGI environment

In the CGI environment parameters are passed to the scripts via the URL and URL parameters. Environment variables are also used to determine the user performing the action. If the environment is not set up, the default TWiki user is used (usually guest).

Command-line

You must have the twiki/bin directory on the perl path to run the scripts from the command line. To avoid issues with file permissions, run the scripts as the web server user such as nobody or www.

Parameters are passed on the command line using '-name' - for example,

If this is set to a URL, TWiki will immediately redirect to that URL. Otherwise it overrides the URL and is taken as the topic name (you can pass Web.TopicName)

user

Command-line only; set the name of the user performing the action. Note: this usage is inherently insecure, as it bypasses webserver login constraints. For this reason only authorized users should be allowed to execute scripts from the command line.

TWikiAdminGroup

method

Commad-line only; set the HTTP request method. Some scripts requires the POST method under certain circumstances. In such a case, you need to specify the POST method to run the script from a command line.

Specifies temporary skin path to prepend to the skin path for this script only (see TWikiSkins)

attach

Despite the name, this script doesn't actually attach a file to a topic - for that, use upload. This script is part of the transactions sequence executed when a file is uploaded from the browser. it just generates the "new attachment" page for a topic.

changes

If 0, show only major changes. If 1, show all the changes (both minor and major)

0

The main difference between invoking this script and using WebChanges is that WebChanges is based on a %SEARCH%, while this script reads the changes file in each web, making it much faster.

Note: The result from changes script and the topic WebChanges can be different, if the changes file is deleted from a web. In particular, in new installations the changes script will return no results while the WebChanges topic will.

configure

configure is the browser script used for inspection and configuration of the TWiki configuration. None of the parameters to this script are useable for any purpose except configure. See configure.

edit

The edit script understands the following parameters, typically supplied by HTML input fields:

Optional. Use the editaction template instead of the standard edit. If action=text, then hide the form. If action=form hide the normal text area and only edit the form. You can change the Edit/Edit Raw buttons to always append the action parameter in skins like Pattern and Classic by setting the topic or preference variable EDITACTION to the value text or form. To edit the topic once the EDITACTION is defined as form simply remove the action=form from the browser URL of the edit script and reload the edit window

The name of the template topic, copied to get the initial content (new topic only)

text

Initial text for the topic

topicparent

The parent topic

formtemplate

Name of the form to instantiate in the topic. Overrides the form set in the templatetopic if defined. (will remove the form is set to 'none')

template

Specify a different skin template, overriding the 'edit' template the edit script would normally use. Use this for specialized templates in a TWiki Application. This parameter is not commonly used.

contenttype

Optional parameter that defines the application type to write into the CGI header. Defaults to text/html. May be used to invoke alternative client applications

anyname

Any parameter can passed to the new topic; if the template topic contains %URLPARAM{"anyname"}%, it will be replaced by its value

breaklock

If set, any lease conflicts will be ignored, and the edit will proceed even if someone is already editing the topic.

redirectto

If the user continues from edit to save, and if the save (or cancels the edit) process is successful, save will redirect to this topic or URL. The parameter value can be a TopicName, a Web.TopicName, or a URL.Note: Redirect to a URL only works if it is enabled in configure (Security setup > Miscellaneous {AllowRedirectUrl}).

t

Provide a unique URL each time a topic is edited, typically specifying parameter t=%SERVERTIME{$epoch}% in an edit link. This is done to prevent browsers from caching an edit session, which could result in editing outdated content. The parameter name and value is arbitrary, but must be unique each time.

Form field values are passed in parameters named 'field' - for example, if I have a field Status the parameter name is Status.

The first sequence of ten or more X characters in the topic name will be converted on save to a number such that the resulting topic name is unique in the target web.

Note: Most skins support the definition of EDIT_SKIN, which is used as the value of the cover parameter in edit URLs. This allows you to override the default edit skin on a web, topic or user basis.

login

Used for logging in when TWiki login is being used (e.g TemplateLoginManager).

URL that was being accessed when an access violation occurred. the login process will redirect to this URL if it is successful

none

username

username of user logging in

none

password

password of user logging in

none

logon

Used for logging in when Web Server authentication is being used (e.g. ApacheLoginManager). The script does nothing; it is purely a placeholder for triggering the login process. The webserver will be set up to require a valid user to access this script, thus triggering the webserver login process.

action=editSettings

action=saveSettings

If the savesettings process is successful, save will redirect to this topic or URL. The parameter value can be a TopicName, a Web.TopicName, or a URL.Note: Redirect to a URL only works if it is enabled in configure (Security setup > Miscellaneous {AllowRedirectUrl}).

All other parameters may be interpreted as form fields, depending on the current form definition in the topic.

BulkRegistration provides the means to create multiple accounts but it does not announce those accounts to the users who own them. BulkResetPassword is used to assign the passwords, the Introduction is used to explain why they are receiving the mail.

Optional, can be set to the name of a single definition within template. This definition will be instantiated in the template wherever %INSTANTIATE% is seen. This lets you use a single template file for many messages. For an example, see oopsmanagebad.tmpl.

paramN

Where N is an integer from 1 upwards. These values will be substituted into template for %PARAM1% etc.

preview

This script is deprecated. Its functions are covered by the save script.

If the rename process is successful, rename will redirect to this topic or URL. The parameter value can be a TopicName, a Web.TopicName, or a URL.Note: Redirect to a URL only works if it is enabled in configure (Security setup > Miscellaneous {AllowRedirectUrl}).

disablefixlinks

Bypass fixing WikiWord links in the rename destination topic if rename is done across webs. Fixing links in the renamed topic such as from SomeLink to Otherweb.SomeLink is usually desirable so that links in the copied topic still point to the same target

off (links are fixed)

Note: The rename script can only be called via http POST method, not GET. Make sure you specify method="post" if you call the rename script via a form action.

copy

Used for copying the current topic in its entirety including its history and attachments.

if defined, a non-wikiword is acceptable for the destination topic name

redirectto

If the copy process is successful, copy will redirect to this topic or URL. The parameter value can be a TopicName, a Web.TopicName, or a URL.Note: Redirect to a URL only works if it is enabled in configure (Security setup > Miscellaneous {AllowRedirectUrl}).

overwrite

By default, copy does not happen if the destination topic already exists. If this parameter is 'on', the destination topic is deleted if exists before copying takes place

off (no overwrite)

disablefixlinks

Bypass fixing WikiWord links in the copy destination topic if copy is done across webs. Fixing links in the copied topic such as from SomeLink to Otherweb.SomeLink is usually desirable so that links in the copied topic still point to the same target

off (links are fixed)

mdrepo

rest

This REST (Representational State Transfer) script can be invoked via http in the same way as the other TWiki scripts (see Invocation Examples, below) to execute a function that is associated to a "subject" and a "verb" (see below). These functions are usually registered by plugins using the TWiki::Func::registerRESTHandler method. The rest script will print the result directly to the browser unless the endPoint parameter is specified, in which case it will output a redirect to the given topic.

The rest script supports the following parameters:

username

If TemplateLogin, or a similar login manager not embedded in the web server, is used, then you need to pass a username and password to the server. The username and password parameters are used for this purpose.

password

See username

topic

If defined as the full name (including web) of a topic, then when the script starts up plugins will be passed this as the "current" topic. If not defined, then Main.WebHome will be passed to plugins.

endPoint

Where to redirect the response once the request is served, in the form "Web.Topic"

The function is free to use any other query parameters for its own purposes.

Note: The rest script should always require authentication in any TWiki that has logins. Otherwise there is a risk of opening up major security holes. So make sure you add it to the list of authenticated scripts if you are using ApacheLogin.

Invocation Examples

The rest script assumes that it will be called with URL in the form:

http://my.host/bin/rest/<subject>/<verb>

where <subject> must be the WikiWord name of one of the installed TWikiPlugins, and the <verb> is the alias for the function registered using the TWiki::Func::registerRESTHandler method. The <subject> and <verb> are then used to lookup and call the registered function.

<subject> and <verb> are checked for illegal characters exactly in the same way as the web and topic names.

As an example, the EmptyPlugin has registered a function to be used with the rest script under the subject EmptyPlugin and the verb example. Click below to see the rest script in action (run as TWikiGuest).

Administrators only delete the most recent revision of the topic - all other parameters are ignored. You have to be an administrator to use this, and not all store implementations will support it.

action_repRev

Administrators only replace the text of the most recent revision of the topic with the text in the text parameter. text must included embedded meta-data tags. All other parameters are ignored. You have to be an administrator to use this, and not all store implementations will support it.

Name of a topic to use as a template for the text and form (new topic only)

text

New text of the topic

forcenewrevision

if set, forces a revision even if TWiki thinks one isn't needed

topicparent

If 'none' remove any current topic parent. If the name of a topic, set the topic parent to this.

formtemplate

if defined, use the named template for the form (will remove the form is set to 'none')

editaction

When action is checkpoint, add form or replace form..., this is used as the action parameter to the edit script that is redirected to after the save is complete.

originalrev

Revision on which the edit started.

edit

The script to use to edit the topic when action is checkpoint

edit

editparams

The parameter string to use to edit the topic

redirectto

The save process will redirect to this topic or URL if it is successful. (Typically this would be the URL that was being viewed when edit was invoked). The parameter value can be a TopicName, a Web.TopicName, or a URL.Note: Redirect to a URL only works if it is enabled in configure (Security setup > Miscellaneous {AllowRedirectUrl}).

view topic being edited

Any errors will cause a redirect to an oops page.

The parameters are interpreted in according to the following rules.

The first sequence of ten or more X characters in the topic name will be converted to a number such that the resulting topic name is unique in the target web.

When the action is save, checkpoint, quietsave, or preview:

The new text is taken from the text parameter, if it is defined,

otherwise it is taken from the templatetopic, if it is defined, (new topic only)

otherwise it is taken from the previous version of the topic, if any,

The name of the new form is taken from the formtemplate, if defined

otherwise it is taken from the templatetopic, if defined, (new topic only)

otherwise it is taken from the previous version of the topic, if any,

otherwise no form is attached.

The value for each field in the form is taken from the query, if it is defined

otherwise it is taken from the templatetopic, if defined, (new topic only)

otherwise it is taken from the previous version of the topic, if any,

otherwise it defaults to the empty string.

Merging is only enabled if the topic text comes from text and originalrev is > 0 and is not the same as the revision number of the most recent revision. If merging is enabled both the topic and the meta-data are merged.

Form field values are passed in parameters named 'field' - for example, if I have a field Status the parameter name is Status.

Note: The save script can only be called via http POST method, not GET. Make sure to specify the "post" method if you call the save script via a form action. Example:

Sort the results of search by the topic names, topic creation time, last modified time, last editor, parent topic name, or named field of TWikiForms. The sorting is done web by web; in case you want to sort across webs, create a formatted table and sort it with TablePlugin's initsort

Sort by topic name

limit="all"limit="16"

Limit the number of results returned. This is done after sorting if sort is specified

All results

date="..."

limits the results to those pages with latest edit time in the given time interval.

Expand variables before applying a FormattedSearch on a search hit. Useful to show the expanded text, e.g. to show the result of a SpreadSheetPlugin%CALC{}% instead of the formula

Raw text

multiple="on"

Multiple hits per topic. Each hit can be formatted. The last token is used in case of a regular expression ";" and search

Only one hit per topic

nofinalnewline="on"

If on, the search variable does not end in a line by itself. Any text continuing immediately after the search tag on the same line will be rendered as part of the table generated by the search, if appropriate.

upload

Local (client) path name of the file being uploaded. This is used to look up the data for the file in the HTTP query.

filename

Deprecated, do not use

filecomment

Comment to associate with file in attachment table

createlink

If defined, will create a link to file at end of topic

changeproperties

If defined, this is a property change operation only - no file will be uploaded.

null

updatefield

If defined and if the value matches the name of a form field, it will update that form field with the format defined by the updateformat parameter.

updateformat

Format of the value of the form field indicated by the updatefield parameter. The default is the name of the attached file, but can be set to include more, such as the path to the image, %PUBURL%/%BASEWEB%/%BASETOPIC%/$filename.

$filename

You can use a tool like curl to upload files from the command line using this script.

Note: The upload script can only be called via http POST method, not GET.

view

As raw=on, but also shows the metadata (forms etc) associated with the topic.

raw=text

Shows only the source of the topic, as plain text (Content-type: text/plain). Only shows the body text, not the form or other meta-data.

raw=expandvariables

Similar to raw=text but TWiki variables are expanded.

raw=all

Shows only the source of the topic, as plain text (Content-type: text/plain), with embedded meta-data. This may be useful if you want to extract the source of a topic to a local file on disc.

section

Allows to view only a part of the topic delimited by a named section (see VarSTARTSECTION). If the given section is not present, no topic content is displayed.

contenttype

Allows you to specify a different Content-Type: (e.g. contenttype=text/plain)

rev

Revision to view (e.g. rev=45)

template

Allows you to specify a different skin template, overriding the 'view' template the view script would normally use. The default template is view. For example, you could specify /twiki/bin/view/TWiki/TWikiScripts?template=edit. This is mainly useful when you have specialized templates for a TWiki Application.

topic

redirects to show the specified Web.Topic, or, redirects to a URL, if allowed by {AllowRedirectUrl} and {PermittedRedirectHostUrls} configure settings

createifnotexist

If createifnotexist is set to 1 and in case the topic does not exist, it is created automatically on view. Useful to create topics automatically based on a specific template (see example below). Behind the scene, the view script redirects first to the save script, passing along all URL parameters. Thus all URL parameters of the save script can be used, such as templatetopic, topicparent and redirectto. Next, the save script creates the topic and redirects back to the view script (or displays an error in case there were any issues creating the topic).

extralog

Add additional text to TWiki log, next to the user agent string. Useful to log actions by cache scripts and crawlers.

Example use of createifnotexist to link to the bookmark page of a user, and to create the page on the fly if needed:[[%SCRIPTURL{view}%/%USERSWEB%/%WIKINAME%Bookmarks?createifnotexist=1&amp;templatetopic=%SYSTEMWEB%.UserBookmarksTemplate&amp;topicparent=%WIKINAME%][Bookmarks]]

For historical reasons, the view script has a special interpretation of the text skin. In earlier TWiki versions the skin=text parameter was used like this:
http://.../view/MyWeb/MyTopic?skin=text&contenttype=text/plain&raw=on
which shows the topic as plain text; useful for those who want to download plain text for the topic.
Using skin=text this way is DEPRECATED, use raw=text instead.

viewfile

Used for viewing attachments. Normally, a site will publish the attachments (pub) directory using a URL. However if it contains sensitive information, you will want to protect attachments using TWikiAccessControls. In this case, you can use the viewfile script to give access to attachments while still checking access controls.

Instead of using the filename parameter, you can append the attachment name
to the end of the URL path (after the topic) e.g. http://denali.phys.uniroma1.it/twiki/bin/viewfile/Webname/TopicName/Attachment.gif
In that case, determining the attachment file name is non-trivial -- please consider a file name having multiple dots and a file name having no dots.
As such, the process of determining the file name is put on the debug log if debug=1 URL parameter is supplied.

Command Line Scripts

Details on command line scripts located in the twiki/tools directory.

geturl.pl

This is a very simple script to get the content of a web site. It is marked as deprecated and might be removed (or enhanced) in a future TWiki release. Its functions are covered by the standard wget and curl commands.

Usage: geturl.pl <host> <path> [<port> [<header>]]

Example: geturl.pl some.domain /some/dir/file.html 80

Will get: http://some.domain:80/some/dir/file.html

rewriteshebang.pl

Simple script to rewrite the #!/usr/bin/perl shebang lines specific to your local Perl installation. It will rewrite the first line of all your TWiki cgi scripts so they use a different shebang line. Use it if your perl is in a non-standard location, or you want to use a different interpreter (such as 'speedy').

tick_twiki.pl

This script executes a number of non-essential regular administration tasks that will help keep your TWiki healthy and happy, such as removing expired sessions and lease files.

It is intended to be run as a cron job or a scheduled task once a week. Example crontab entry:0 0 * * 0 cd /usr/twiki/bin && perl ../tools/tick_twiki.pl

Note: The script has to be run by a user who can write files created by the webserver user.

Page Rendering Process

Overview of how TWiki works

To achieve a goal in TWiki either by making use of existing features or implementing new features, good understanding of how TWiki works is crucial.
That said, this topic explains how TWiki processes various TWiki operations - view, edit, save, attach, upload, etc.

Basics

Here's the basic steps of the page rendering by TWiki.

Preferences variables are read. TWikiVariables#PreferencesVariables describes what exactly happens in this step. This step is taken regardless of script (view, edit, etc.) while the steps below may not happen. For example, the save script saves the topic text and then redirects to the corresponding view URL hence the script doesn't take the following steps

The page template for the script is read and expanded. TWikiTemplates explains this step

TWiki variables in the template are expanded. A view and edit templates have %TEXT%, which is expanded to the raw text of the page

TWiki markup is converted into HTML

Preferences variables are read

Preferences variables are defined at an early stage of TWiki processing.
After this step, no preferences variables are set.

Please note that topics INCLUDE'd by the current topic are not read for preferences variables.
%SET{"VARIABLE" value="VALUE"}% and %CALCULATE{"$SET(VARIABLE, VALUE)"}% in an INCLUDE'd topic take effect since %INCLUDE{...}%, %SET{...}%, and %CALCULATE{...}% are variables expanded in a later stage.
But " * Set VARIABLE = VALUE" in an INCLUDE'd topic doesn't have a chance to be read.

Template is read and expanded

As mentioned above, TWikiTemplates describes how a template is selected and read.
It's worth mentioning that template expansion happens before variable expansion.
At the end of step, all template directives are resolved,
hence there aren't any %TMPL:XXX{...}% or %TMPL:XXX%.

Variable expansion

Variables may be nested - a variable may be a parameter of another variable and there is no limitation of nesting level.
If variables are nested, they are processed from the inner-most to the outer-most.

A topic may have any number of variables. Variables at the same nesting level are processed from top to bottom.

Plugins

So far, how plugins are involved with page rendering hasn't been discused. Here's how.

In many cases, plugins introduce predefined variables such as %CALCULATE{...}% and %GET{...}%.
Those don't make structural difference to how a TWiki topic is written.
Those variables are introduced by calling e.g. TWiki::Func::registerTagHandler('CALCULATE', \&_CALCULATE) in initPlugin() in the plugin code file.

Some plugins extend TWiki markup.
For example, the table notation in TWiki (an example shown below) is provided by the TablePlugin. Though the table notation is regarded as an integral part of TWiki markup, it is implemented by a plugin rather than the TWiki core.

| One One | One Two | One Three |
| ^ | Two Two | Two Three |
| Three One | ^ | Three Three |

There are various places in the TWiki core where functions provided by plugins are called.
For example, TablePlugin has a function named preRenderingHandler() defined.
It's called before the TWiki markup to HTML conversion takes place.

As you can imagine, if a plugin has postRenderingHandler() defined, it's called after the core TWiki markup to HTML processing.

A plugin may have commonTagsHandler() defined, which is called immediately after normal TWiki variables are expanded.
Since a commonTagsHandler() may yield TWiki variables, normal TWiki variable expansion is conducted again after that.

SpreadSheetPlugin has commonTagsHandler() defined to process %CALC{...}%. You may think %CALC{...}% can be implemented simply by TWiki::Func::registerTagHandler() but it cannot be since %CALC{...}% needs to look outside its parameters to do things such as %CALC{"$SUM($ABOVE())"}%.

In addition to preRenderingHandler(), postRenderingHandler(), and commonTagsHandler(), there are other functions called from TWiki core as well.
You can see the complete list of such functions on EmptyPlugin.pm in the EmptyPlugin.

TWiki Site Tools

Utilities for searching, navigation, and monitoring site activity

TWiki Site Tools include utilities for navigating, searching and keeping up with site activity. Preferences can be configured by web or site-wide. You are currently in the TWiki web. In particular, TWiki provides two highly configurable, automated site monitoring tools, WebNotify, to e-mail alerts when topics are edited, and WebStatistics, to generate detailed activity reports.

WebNotify - recent changes alert

Each TWiki web has an automatic e-mail alert service that sends a list of recent changes on a preset schedule, like once a day. Users can subscribe and unsubscribe using WebNotify in each web. The Perl script mailnotify is called by a background process at regular intervals. The script sends an automated e-mail to subscribed users if topics were changed in a web since the script was last run.

Web Changes Notification Service

Each TWiki web has an automatic e-mail notification service that sends you an e-mail with links to all of the topics modified since the last alert.

Tip: Instead of subscribing here, it is easier to "watch" topics of interest. Watching topics gives you the choice of immediate notification or digest notification.

Users subscribe to email notifications using their WikiName or an alternative email address, and can specify the webs/topics they wish to track, Whole groups of users can also be subscribed for notification.

The general format of a subscription is:

three spaces*subscriber [ :topics ]

Where subscriber can be a WikiName, an E-mail address, or a
group name. If subscriber contains any characters that are not legal in
an email address, then it must be enclosed in 'single' or "double" quotes. Please note that the guest user TWikiGuest does not have an email address mapped to it, and will never receive email regardless of the configuration of that user.

topics is an optional space-separated list of topics:

... without a Web. prefix

...that exist in this web.

Users may further customize the specific content they will receive using the following controls:

Using wild-card character in topic names - You can use * in a topic name, where it is treated as a wildcard character. A * will match zero or more other characters - so, for example, Fred* will match all topic names starting with Fred, *Fred will match all topic names ending with Fred, and * will match all topic names.

Unsubscribing to specific topics - Each topic may optionally be preceded by a '+' or '-' sign. The '+' sign means "subscribe to this topic". The '-' sign means "unsubscribe" or "don't send notifications regarding this particular topic". This allows users to elect to filter out certain topics. Topic filters ('-') take precedence over topic includes ('+') i.e. if you unsubscribe from a topic it will cancel out any subscriptions to that topic.

Including child-topics in subscription - Each topic may optionally be followed by an integer in parentheses, indicating the depth of the tree of children below that topic. Changes in all these children will be detected and reported along with changes to the topic itself. Note This uses the TWiki "Topic parent" feature.

Subscribing to entire topic ("news mode") - Each topic may optionally be immediately followed by an exclamation mark ! and/or a question mark ? with no intervening spaces, indicating that the topic (and children if there is a tree depth specifier as well) should be mailed out as complete topics instead of change summaries. ! causes the full topic to be mailed every time even if there have been no changes, and ? will mail the full topic only if there have been changes. One can limit the content of the subscribed topic to send out by inserting %STARTPUBLISH% and %STOPPUBLISH% markers within the topic. Note that "news mode" subscriptions require a corresponding cron job that includes the "-news" option (see details).

Examples:
Subscribe Daisy to all changes to topics in this web.

* daisy.cutter@flowers.com

Subscribe Daisy to all changes to topics that start with Web.

* daisy.cutter@flowers.com : Web*

Subscribe Daisy to changes to topics starting with Petal, and their immediate children, WeedKillers and children to a depth of 3, and all topics that match start with Pretty and end with Flowers e.g. PrettyPinkFlowers

* DaisyCutter: Petal* (1) WeedKillers (3) Pretty*Flowers

Subscribe StarTrekFan to changes to all topics that start with Starexcept those that end in Wars, sInTheirEyes or shipTroopers.

* StarTrekFan: Star* - *Wars - *sInTheirEyes - *shipTroopers

Subscribe Daisy to the full content of NewsLetter whenever it has changed

* daisy@flowers.com: NewsLetter?

Subscribe buttercup to NewsLetter and its immediate children, even if it hasn't changed.

* buttercup@flowers.com: NewsLetter! (1)

Subscribe GardenGroup (which includes Petunia) to all changed topics under AllnewsLetters to a depth of 3. Then unsubscribe Petunia from the ManureNewsLetter, which she would normally get as a member of GardenGroup:

In addition to single quotes ('), double quotes (") do the same job for a non-TWiki group.

A user may be listed many times in the WebNotify topic. Where a user has several lines in WebNotify that all match the same topic, they will only be notified about changes that topic once (though they will still receive individual mails for news topics).

If a group is listed for notification, the group will be recursively expanded to the e-mail addresses of all members.

Warning: Because an email address is not linked to a user name, there is no way for TWiki to check access controls for subscribers identified by email addresses. A subscriber identified by an email address alone will only be sent change notifications if the topic they are subscribed to is readable by guest users. You can limit what email addresses can be used in WebNotify, or even block use of emails altogether, using the {MailerContrib}{EmailFilterIn} setting in =configure.

Tip: List names in alphabetical order to make it easier to find the names.

Note for System Administrators: Notification is supported by an add-on to the TWiki kernel called the MailerContrib. See the MailerContrib topic for details of how to set up this service.

WebChanges - what's new

To check for the most recently edited topics while on-site, use the WebChanges link, usually located in the toolbar. It lists the most recently modified topics, newest first, along with the first couple of lines of the page content.

This is simply a preset SEARCH. The number of topics listed by the limit parameter.:

WebIndex - list of topics

WebIndex lists all web topics in alphabetical order, with the first couple of lines of text. This is simply a preset SEARCH:

%SEARCH{
"\.*"
scope="topic"
type="regex"
nosearch="on"
}%

WebStatistics - site statistics

You can generate a listing manually, or on an automated schedule, of visits to individual pages, on a per web basis. Compiled as a running total on a monthly basis. Includes totals for Topic Views, Topic Saves, Attachment Uploads, Most Popular Topics with number of views, and Top Contributors showing total of saves and attachment uploads. Previous months are saved.

TWiki also generates overall site usage statistics in Main.SiteStatistics (do not create that page, it is created automatically based on SiteStatisticsTemplate). On a monthly basis, the following items are recorded using system data and TWiki log data across all webs: Number of webs, number of topics, number of attachments, number of topic views, number of topic updates, number of files uploads, data size, pub size, disk use, number of users, number of groups, number of plugins installed compared to total number of plugins available, and the 10 top contributors.

Configuring for automatic operation

You can automatically generate usage statistics for the whole site and all webs. To enable this:

Make sure variable {Log}{view}, {Log}{save} and {Log}{upload} are set in configure. This will generate log file entries (see below).

Call the twiki/bin/statistics script from a cron job - once a day is recommended. This will update the SiteStatistics and the WebStatistics topics in all webs.

Attention: The script must run as the same user as the CGI scripts are running, such as user nobody or www-data. Example crontab entry: 0 0 * * * (cd /path/to/twiki/bin; ./statistics >/dev/null 2>&1)

There is a workaround in case you can't run the script as user nobody : Run the utility twiki/tools/geturl.pl in your cron job and specify the URL of the twiki/bin/statistics script as a parameter. Example: 0 0 * * * (cd /path/to/twiki/tools; ./geturl.pl mydomain.com /urlpath/to/twiki/bin/statistics >/dev/null 2>&1)

NOTE:geturl.pl will do a TWiki CGI request as the TWikiGuest user, so if you use this workaround, the WebStatistics topics you are updating will have to be writable by TWikiGuest.

When running from the command line or a cron job, you can pass parameters to the script like this:

cd twiki/bin; ./statistics -logdate 2011-05 -webs TWiki,Sandbox

Generating statistics manually by URL

If {Stats}{DisableInvocationFromBrowser} config parameter is false (it's false in this installation), the twiki/bin/statistics script can also be executed as a CGI script - just enter the URL in your browser. Examples:

Update current month for all webs you have access to: /twiki/bin/statistics

Update current month for Main web only: /twiki/bin/statistics/Main

Update May 2019 for Main web: /twiki/bin/statistics/Main?logdate=2019-05

Update May 2019 for the ProjectX, ProjectY and ProjectZ webs: /twiki/bin/statistics?logdate=2019-05;webs=ProjectX,ProjectY,ProjectZ

The maximum number of items in columns

There are columns having a list of items.
The maximum number of items listed in a column is specified as follows.

Affiliation breakdown of views, saves, and uploads

If you run TWiki in an orgaization, you may want to see division breakdown of topic views, topic saves, and file uploads - in a month, how many topic views are there from the R&D division, the Sales division, etc.

You can have affiliation breakdown at the Topic views, Topic saves, and File uploads columns of WebStatistics and SiteStatistics as follows.

Affiliation breakdown is turned off by default.
To turn it on, you need to do two things.

Provide getAffiliation($cUID) object method in the current user mapping handler. It's supposed return the affiliation (division, department, etc.) of the $cUID. If the affiliation is unknown, it returns undef.

Set {Stats}{Breakdown} configuration papameter true by putting the following line in lib/LocalSite.cfg.

$TWiki::cfg{Stats}{Breakdown} = 1;

Excluding some webs from WebStatistics update

You can exclude webs from WebStatistics update by specifying {Stats}{ExcludedWebRegex} config parameter as follows.

There are webs not worth updating WebStatistics such as the Trash web. When a web is deleted, it becomes a subweb of the Trash web. By default, not only the Trash web but also subwebs of the Trash web are subject to WebStatistics update.

On a large TWiki site, you may have dozens of Trash webs - you may rotate Trash webs and you may be UsingMultipleDisks (each disk requires its own Trash - e.g. Trashx1x and Trashx2x). If you have Trash, Trash1, ..., Trash10 for rotation and if you use 3 disks for TWiki, you end up having 33 Trashes.

Preventing WebStatistics and SiteStatistics from growing big

WebStatistics topics grow in size every month. By default you have only 10 lines per month, but you may have a lot more. If so, in 5 years, WebStatistics gets really big. Besides, if you run the statistics script every day, you increase the revision of each WebStatistics by one every day. If a topic has hundreds of revision, some operations such as getting the original creator of the topic takes long.

There is an option to prevent the boundless growth of WebStatistics.
If you set $TWiki::cfg{Stats}{TopicPerYear} true, the statistics script writes the result to WebStatisticsYYYY where YYYY is the current year (e.g. WebStatistics2019) instead of WebStatistics. The parameter is false by default.

If TWiki:Plugins/RedirectPlugin is installed, viewing WebStatistics causes redirection to the WebStatisticsYYYY of the year. Otherwise, WebStatistics shows links to WebStatisticsYYYY topics.

After you change {Stats}{TopicPerYear} to true but before you run the statistics script, you should run twiki/tools/switch2yearlystats to rename WebStatistics of all webs to WebStatisticsYYYY of the year. In case WebStatistics is not in the same format as its current template, it's renamed to WebStatistics0000.

The description above is applied to Main.SiteStatistics as well.
If {Stats}{TopicPerYear} is true:

The site-wide statistics are written to Main.SiteStatisticsYYYY of the year instead of Main.SiteStatistics

Main.SiteStatistics shows the list of Main.SiteStatisticsYYYY topics or redirects to the latest one depending on the availability of RedirectPlugin.

twiki/tools/switch2yearlystats renames Main.SiteStatistics to Main.SiteStatisticsYYYY of the year or Main.SiteStatistics0000.

Upgrade from pre 6.0

Statistics topic conversion

There are several changes made to WebStatistics and SiteStatistics.
If existing statistics topics are kept as they are, topic update by the statistics script doesn't work well.
By running tools/convert_stats_twiki6 after upgrade, all statistics topics are converted for the current version of statistics.

Top Contributors on SiteStatistics

The number of contributors listed on the "Top Contributors" column on SiteStatistics is specified by {Stats}{SiteTopContrib}.
Prior to TWiki 6.0, it was specified by {Stats}{TopContrib}.
If you have a custom {Stats}{TopContrib} value, you need to set {Stats}{SiteTopContrib} as well. Otherwise, the number of "Top Contributors" on SiteStatistics becomes the default value, which is 10.

Log Files

TWiki generates monthly log files which are used by the statistics script

E-mail

Configuring outgoing mail

TWiki will use the Net::SMTP module if it is installed on your system. Set this with the {SMTP}{MAILHOST} setting in configure.

You can define a separate {SMTP}{SENDERHOST} configure setting to set the mail sender host - some SMTP installations require this.

If you are using SELinux (Security-Enhanced Linux) you might need to configure it to allow TWiki to send e-mails: $ sudo setsebool -P httpd_can_sendmail on$ sudo setsebool -P httpd_can_network_connect on

You can use an external mail program, such as sendmail, if the Net::SMTP module is not installed or not functioning properly. Set the program path in {MailProgram} and set {SMTP}{MAILHOST} to an empty value in configure.

The notify e-mail uses the default changes.tmpl template, or a skin if activated in the TWikiPreferences.

mailnotify also relies on two hidden files in each twiki/data/Web directory: .changes and .mailnotify. Make sure both are writable by your web server process. .changes contains a list of changes; go ahead and make this empty. .mailnotify contains a timestamp of the last time notification was done.

Setting the automatic e-mail schedule

For Unix platforms: Edit the cron table so that mailnotify is called in an interval of your choice. Please consult man crontab of how to modify the table that schedules program execution at certain intervals. Example:

The above line will run mailnotify nightly at 01:00. The -q switch suppresses all normal output. Details at MailerContrib.

For ISP installations: Many ISPs don't allow hosted accounts direct cron access, as it's often used for things that can heavily load the server. Workaround scripts are available.

On Windows: You can use a scheduled task if you have administrative privileges. TWiki:Codev/CronTabWin is a free scheduler for Windows.

Site Permissions

TWikiAccessControl describes how to restrict read and write access to topics and webs, by users and groups

SitePermissions lists the permissions settings of the webs on this TWiki site

Backup and Restore

TWiki has a solution to backup, restore and upgrade TWiki sites. It can be used via browser and on the command line. The BackupRestorePlugin is pre-installed in TWiki-5.1 and later releases; it can be installed in older TWiki releases as low as TWiki-2001-09-01 (Athens Release) to easily create a backup that can be restored on a new TWiki release. This offers an easy upgrade path for TWiki. See also TWikiUpgradeGuide.

Help with crontab

The crontab command is used to schedule commands to be executed periodically.

Managing Topics

Overview

You can use browser-based controls to change a topic's name, move it to another TWiki web, or delete it to a hidden Trash web.

How to Rename/Move/Delete a Topic

Click on [More topic actions] (bottom right of page) on the topic to be changed, then, in the new screen, on [Delete topic] or [Rename/move topic]. You can now rename and/or move/delete in one operation:

To web: Select the target web if other than the current web.

To topic: Enter the new topic name - default is current name NOTE: You'll be warned if any of the topics to be affected are locked (being edited), or if there is a name conflict.

Update links: Prevent updates by unchecking individual items on the list of referring links - these topics will NOT to be updated with the new name (by default, all referring links will be updated).

Click on [Rename/Move]: the topic will be renamed and links to the topic updated as requested.

If any of the referring pages are locked then they will be listed: you can correct these later by again pressing [Rename/Move].

There is a Put back feature that allows you to undo a Rename/Move/Delete - an instruction line and undo link will appear at the bottom of the modified topic. This allows you to revert from the last modification only.

Deleted Topics: How to Clear the Trash

Deleted topics are moved to a special Trash web - they are NOT physically erased from the server. All webs share Trash - in case of a name conflict with a topic already Trash, the user is alerted and asked to choose a new name.

The Trash web should be be cleared periodically, by archiving (saving) the text and RCS files if required (recommended), then deleting them from the Trash directory.

This can only be done from on the server, not through the browser.

Since simple FTP access to the Trash directory is all that's required for maintenance, it's possible to grant Trash admin privileges to multiple users, while strictly limiting server access.

%METASEARCH{type="topicmoved" web="%WEB%" topic="%TOPIC%"
title="This topic used to exist and was moved to: "}%

Note: Do not modify the TWiki.WebTopicViewTemplate - modifications would be lost on the next TWiki upgrade. Instead, create a WebTopicViewTemplate in the Main web with the same content and modify it to your needs.

How Rename/Move Works

%SEARCH%, with a special template, finds and displays all occurrences of the topic name in other topics, site-wide. These referring links are by default automatically changed to the new topic and/or web name. This includes relevant TWikiMetaData definitions.

User can omit one or more topics from the update list by unchecking them.

<pre> and <verbatim> are honored - no changes are made to text within these areas.

The topic is moved (if locks allow).

References are changed (locks and permissions permitting).

Any referring topics that can't be changed due to locks are listed - user can take note and change them at another time.

How Referring Topics Are Found

First, matching topics in the current web are listed - matches are to topic. Next, all webs (including the current one) are listed that match web.topic. All webs will be searched during rename, even if NOSEARCHALL is defined on a web, though access permissions will of course be honored.

Changed references are kept are as short as possible, ex: topic is used in preference to web.topic.

Effect of User Access Settings

User permissions affect the 'rename' functions in various ways. To rename a topic, you need all of VIEW, CHANGE and RENAME access to that topic. To alter referring topics, you need CHANGE access. See TWikiAccessControl for information on setting up access permissions.

Special Considerations

Consider carefully whether to make browser-based Rename/Move/Delete widely available, or to restrict it to an administrator/moderator group. Allowing all users to easily manipulate topics can be extremely useful in refactoring a busy web or site. However, there are at least two significant potential drawbacks to take into account:

When referring links are updated, the modified topics appear in WebChanges, creating the impression that editorial changes were made. This can undermine the usefulness of WebChanges.

Due to current limitations, fairly heavy use of Rename/Move/Delete functions can lead to an accumulation of minor technical problems (ex: broken links) and usability issues (ex: user confusion). If Rename... is used heavily, these negatives will obviously increase, in number and effect.

Ultimately, the size, objectives, and policies of your TWiki site, the real-world behavior of your user group, and most importantly, the initial TWiki site management leadership, will determine the most effective implementation of this feature, and the success of the site overall.

Known Issues

Rename/Move is fairly complicated due to the dynamic generation of links. Ideally, it would be possible to run the required part of rendering in a way that would allow identification of the text to be changed. Unfortunately, these hooks don't exist in TWiki at present. Instead, %SEARCH% is used with a special template to show the text to be changed, and the selected topics are then altered. One drawback is that search can show matches that will not be updated due to case differences. Other mismatches with actual rendered output are also possible as the approaches are so different.